From the Editor

We are once again thrilled to bring you this month's issue of MacTech. It's truly an
incredible state of affairs that we find ourselves in, and everyone at MacTech is
honored to be a part of it. What's going on, you ask?

We all know about Steve Jobs stepping down from his main, day-to-day role at Apple.
However, the follow-up is the real story: investor confidence continues and Apple is still, well,
Apple. Now, unlike some others, I won't claim it's the same company. However, I wouldn't
have claimed that had Steve Jobs not gone anywhere. Apple is evolving, and will always
continue to do so. The company certainly has built up a culture of disciplined excellence that
will carry on.

While the U.S. and the world groans about the economy and jobs in general, technology
people are still mostly in demand. Particularly developers. (If you've been reading anything I
write, I've been talking about this for years.) Apple fuels so much of this. From the mobile
space (iOS) to the Desktop (the Mac App Store), the barrier to entry is the lowest it has ever
been. Even IT consultants and staff can provide custom-developed solutions that enhance their
client's business. Those solutions are often open sourced or sold.

This month's cover story is the work of a developer of a utility for Sys Admins. Great
combination, right? Developer Jonathan Mitchell, author of KosmicTask (and now, author in
MacTech) describes his utility, what goes into setting it up and using it and its scripting-based
architecture.

If you're still wondering how to get started, catch up with Peter Hosey's “Objective-C: A
First Look.” Peter started last month with a base level of the C language, and is now describing
the foundations of Objective-C. Even if you choose Ruby, Python or other language, for
developing on any Apple platform, you'll need to know Cocoa and some Objective-C.

For those that are consulting, or those thinking of doing so, check out this month's
Consultant Cowboy, which gets further into the question most consultants wonder about:
money. Most of us are competent enough to handle the tech side of things, but the money
factors always seem to elude us. Let Ryan Wilcox's experience help you out.

While we have plenty of other important content this month, I'll make mention of one
more. In this month's MacTech Spotlight, we feature Hisham Khalifa. Hisham follows his
passion for Mac development late nights, after work. If you're in need of some inspiration to
get started, start with this month's MacTech Spotlight.

We're a little less than a month out from this year's MacTech Conference. We have great
speakers, great talks and great plans for this event. Make sure you're part of it. Check out
hftp/(vw«madech.OTn^cnfa^^ for more information and registration.

See you next month.


Ed Marczak
Executive Editor
Consultant Cowboy


by Ryan Wilcox

Pricing and Money: Ups & Downs


Introduction

The great thing about being a cowboy consultant is that
you're in control of your work and it's great when money is
coming in like crazy. When you're working so hard you hardly
have time to invoice, it's pretty nice knowing that a big payday
is on its way.

The flip-side to this is when you can't find work, and
your current projects are coming to an end, or your bills are
piling up faster than you can pay them off. Sometimes the tips
from the “Debugging Pricing Problems” Consultant Cowboy
article can help, and sometimes not.

There's often a flow to consultancy, an up and down
pattern: busy, slow, busy, slow. The trouble is dealing with the
slow times without going broke.

This article will talk about exactly that situation,
discussing ways to cope with the “feast then famine” cycle that
seems prevalent when being a consultant. The second half of
this article has some recommendations on how to avoid an
uneven cycle like that in the first place.

Ways to cope

If you're in a slow time, I feel bad for you (son). Been
there, done that. Ideally you'd have your primary sources of
income and a few backup plans too.

As I've said in the past, most of my work has usually been
for one client at a time, and these clients always want all of my
time. Lately I've transitioned to having several clients who
want a day or two of my time, and a few side projects.


One big main client and 1-2 side clients

One way to avoid the ups and downs of contracting
work, especially if you have one main client, is to find another
client whose work you can do on the side (nights, weekends,
whenever). This is a hard one. If you're working 40-50 hours
for one client it's often hard to give the other clients the time
they need... especially if you have non-billable work to attend
to.

Sometimes it's very hard to even find the time to look for
secondary clients while you're working hard on the main
client. However, the disadvantage of having one main client is
that when that client discontinues your services, your “feast”
time quickly becomes “famine” time. The part time client can
provide some security here—at least some money is coming
in!

Consult with a product on the side

Several very successful .com companies started off as
companies doing consultancy work to bring in money while
simultaneously developing a product to launch.

Maybe you don't even have a good idea for a product to
launch. Software development, at least for me, generates a
large amount of byproduct: libraries spun off the main app,
applications that could be productized for general use,
software used internally to help get the job done better. (For
example, writing your own time tracker.)

With the creation of the Mac App Store, I think even small
applications make sense as side products now. The Mac App
Store reduces the costs of publishing software, especially paid
software. No longer do you have to set up the infrastructure
for handling downloads and sales for your app: Apple does it
all for you (for 30% of the sales price).

I think this changes the dynamics of the software
market—assuming you have an idea for a small app that can
be implemented quickly. You can make money on an app that
you charge only a few dollars for. A small, side product—one
that you can create between client work, or evenings and
weekends—might not fully supplement your client income,
but it might give you a little cushion for those lean times.

Consulting and a non-computer side business

There's a lot to be said about this idea. For a while I tried
to sell books for a profit on Amazon, and one of my former
clients also sells customized Swiss Army knives on eBay, in
addition to his main (software) product.

The thing about custom software development, and some
IT work, is that percentage wise not many normal people can
afford our services. (Granted, this is different if you also offer
service and support for customer machines, not just company
clients.) With a product, you've potentially opened the market.
Who's not in the market for a $4.00 Mac App Store app, or a
$.99 iPhone app? (Theoretically, anyway.)


Consulting is often “feast or
famine” when it comes to
money. Here are some tips.

Consulting and a highly automated side business

The bad thing about one main client is that sometimes the
demands of this client suck the hours out of your week, leaving
the side clients starved, giving you no time to work on your
products, or taking you away from your workbench and your
non-computer side work.

Ideally you'd like a business that could bring in extra
income with you putting very little time into it. The 4 Hour
Work Week by Tim Ferris is an excellent resource for this kind
of business. Some may hate Tim Ferris, or the ideas of this
book, but here's where it comes into play. Computer
programming is a very in demand field, so we can charge very
high hourly rates and still have people knocking down our
door. Any side business that takes time away from this job
should (in the ideal world) bring in as much or more money
than our hourly rate programming. If it isn't, then why not put
in a 44 hour week with your main client instead of putting in
40 hours and spending 4 hours making charm bracelets you're
going to sell over the Internet?

But, if you could create a side business that required little
or no work by you, you could possibly make—if you do the
math—a very good hourly rate on those hours you actually did
work.

While the odds may not be all that good to have a mega-successful
highly automated side business, we're not looking
for that—we're just looking for money to come in to
supplement the money we're making in our client work... and
maybe cover our rent if a client doesn't pay up, a project
doesn't end when we'd like it to, or we're in-between clients.

CD Ladder

Another thing I've debated is setting up a ladder of CDs
(Certificates of Deposit). Under this idea, I would take an
exceptionally good month's profits and divide any extra money
up into 4-6 CDs.

For example, if I have a good month, and bring in an extra
$2,000, I could divide that into 4 CDs of $500 each. If each CD
expires at a different time (3, 4, 5 and 6 months) every month
I would have the option of either renewing an expiring CD or
letting it roll over for another few months.

The Simple Dollar weblog has an awesome explanation of
putting together a CD ladder
(http://www.thesimpledollar.com/2008/10/05/creating-a-cd-ladder-for-your-emergency-fund-or-other-savings-to-earn-a-better-safe-return/).

I like this approach—while it's really easy to tap your
savings account for extra money, it's slightly harder to use a
CD. This approach also scales up: Have another good month?
Just buy CDs at the same interval: you'll have two CDs that
expire on the same month instead of one (you could then
consolidate those two CDs into one, probably for a better
interest rate).

How to avoid money ups and downs in the first place

Always be Selling

One way to avoid the money ups and downs is to work very
hard—even during busy times—to drum up more work. There
are two questions that immediately come to mind.

“What happens if I get some of this work I'm looking for? I'm
booked, and don't have time to do it now!”

There are two ways I approach the contradiction of finding
yet more work when you're already up to your eyeballs in
work.

If your work tends to be mostly project-based work, then
an alternative is to schedule, on the calendar, when you'll be
able to get to the new work. For example, if you know your
current project ends in two weeks, then schedule this new
project to start 20 days from now. I recommend building some
slack into your project schedule, as I did here, to avoid issues
when a project takes longer to fully implement than you
expected (or takes longer to integrate on the client side!).

If your work tends to be long running, “We want a day of
your time every week” projects, then those are slightly different.

I spent a good bit of this summer doing networking. This
time it was not networking for clients, but networking with
other freelancers that might have some availability to do work
for me.

This way I can pass off any work that I get, which I don't
have time for, to another freelancer. The client is happy because
the job gets done, and I'm happy because I didn't have to make
a spot in my schedule.

The book The Unlimited Freelancer by Hipp and Chartrand
(published by the people at http://www.freelancefolder.com) calls
this cross-sourcing: when you're hiring freelance talent as good
(or better!) than you are, to complete a task that you might not
have time to complete yourself.

If you're an advanced web developer, you want to find
someone who can complete advanced web development work
up to your level. This network can be hard to build, but I'm
currently running two projects with some freelance “cross-sourcers”,
on top of the 3 client projects I'm working on
directly.

“I'm working full time with the clients I have—I don't have
time to do marketing, I've got paying work I have to do!”

This is tricky, because you're in demand. I would, however,
highly recommend taking a day every week and working on
your marketing.

You want to do marketing when you're busy to make sure
you have jobs coming up to keep you busy. Marketing during
one of the down times is not fun (I know, I've been there):
you're pressured to find something before money runs out, and
sometimes you back yourself into a situation that might not be ideal
for you (too low pay, a project that didn't “feel right”, or a deal that
will be bad for you in a few months).

Which is why I like building a day of marketing into my
budget/schedule, even when I'm super busy. Admittedly, it's very
easy to get sucked into client work 5 days a week (at least for me),
but 4 days a week of client work is my goal.


Alliances


I think it's just as important to network with other freelancers,
as it is to network with potential clients—even other freelancers that
don't do the same work as you do.

For example, I've gotten a fair bit of work from marketing
agencies who need some help completing a website or computer
program for one of their clients. They know that some custom web
development has to be done to complete the marketing objective,
don't have that experience in house, and hire me to do the required
website work.

Maybe a sales consultant might need an IT professional
consultant to wire up and install servers at a client location.

Likewise, another thing that happens with freelancers is
bidding, or wanting to bid, on a job that's too big for just one
person to handle. Taking the job on as part of a team/alliance of
freelancers may be the way to succeed.

In addition to providing skills you don't have, or extra hands
on a project, an alliance of freelancers may also be a source of leads
for you in the lean times, or a place where you could recommend
clients when you're simply too busy to take on more work yourself.

Sources of Emergency Funds

When I started Wilcox Development Solutions, my
financial advisor started a life insurance fund for me. This life
insurance fund was more than just money for my family when
I die, but also a fund where I can borrow money when I need
it.

Over time this has built up and now I can borrow a fair bit
of money from it. I use this as both an emergency fund, and a
fund to consolidate some of my loans. For example, the other
day I used it to pay off a credit card, essentially refinancing the
credit card's interest rate.

I haven't needed to use the life insurance money to pay
monthly bills, but it's nice to know that the money is there if I
might need it.

The simple savings account shouldn't be ignored here
either. January and February (of 2011) were busy months for
me. A client had a project they wanted delivered, at all costs, in
the middle of February, so we ended up working a lot of hours
to see that happen. Being paid by the hour, like I was, meant
that I had good months for a few months.

While some of the money I earned went to pay off loans,
I also made sure to save some of that money for a rainy day,
when there wasn't so much work available.

I have a savings account attached to my business checking
account, and I use that as an emergency, or cushion, fund. It's
not high tech, and it may not get the best interest rate, but it is
convenient.

I could also set up automatic withdrawals from my
business checking account to that savings account. I find this
especially important if your bank will withdraw from that
savings account if you overdraft your checking account: it's too
easy to forget to replace the money that the bank automatically
transferred to your savings.

Conclusion


I know how hard it is when there seems to be no current
projects coming in, and thus no money coming in. Been there
a few times myself. Sometimes the trick is to not put too many
of your (financial) eggs in one basket, or increasing your
network. Sometimes the answer is preparation: being ready for
the inevitable.

Sometimes the trick is to reevaluate your pricing (see
Debugging Pricing Problems, in MacTech July 2011), and
sometimes the trick is to reevaluate your pricing methods:
which will be the topic of next column.


Until then, see you, consultant cowboy!
Mac in the Shell

by Edward Marczak


MacRuby Drag and Drop File Rename

An evolving foundational starter project

Introduction

Recently, we began a MacRuby-based project that
demonstrates drag and drop. (Well, strictly, it's just drop that
we're showing.) Since it's such a signature feature of OS X
and the Macintosh, it's important to understand as drag and
drop is deeply ingrained into the user experience. This
month, we update the project to operate on the files
dropped on to the project. Let's continue.


The Project

Two articles ago, we put together a complete framework for
a drag-and-drop application. As such, it really was just an outline
structure that showed us the files that were dropped on the
application, but didn't do anything past that. Let's make it do
something useful, now. How about an application that checks
the filenames of the dropped files and ensures there are no
illegal characters? Well, for whatever we define to be “illegal,” of
course. (File systems differ on illegal characters and it's often a
more challenging problem than I have the space to solve here.)

I always encourage you to follow along and create the
project along with the article, but the completed project is
available from the MacTech ftp site at ftp://ftp.mactech.com. To
follow along, as in past articles, you'll need Xcode. This article
will use the latest version of Xcode, Xcode 4. Launch Xcode
now, and load the project from last time (or load the completed
project you just downloaded and follow along).

Adding Supporting Code

First, we are going to add a new Ruby function to our
project. This function will have the sole responsibility of
cleaning a filename. We'll keep this function separate, in its
own file for two main reasons: reusability and cleanliness.
Reusability because who knows where else this code may come
in handy? Cleanliness because it makes our job as developer
much easier. Since this code isn't directly related to our
interface or drag and drop functions, it should stay out of that
portion of the code.

To add this new file, choose File->New, or simply press
command-N. You'll see the sheet presented in Figure 1.

Installing MacRuby

If you haven't been following earlier articles, we've
been using MacRuby, which is a variant of Ruby 1.9.
MacRuby is an Apple-backed project that allows the Ruby
language to run directly on top of the Objective-C runtime.
This was covered in the initial article on Ruby in this series,
so, for more details, please see that article (MacTech 26.12,
December 2010). If you haven't already, download and
install the latest version of MacRuby from
http://www.macruby.org/downloads.html (version 0.10 as of
this writing). MacRuby installs itself separately from the
system Ruby, and all binaries are prefixed with 'mac'. (Install
MacRuby after installing Xcode—ideally Xcode 4.) Please
take note of the warning on the downloads page: “[T]his
release will only work on Intel 64-bit machines running
Snow Leopard (10.6) or higher.” You can grab the source
and compile up a version that runs under 32-bit, though, if
you need to.


Figure 1 - adding a new Ruby file to the project.
Because you've installed MacRuby, you have the additional
option to create a Ruby file. Choose that option and click Next,
where you'll be presented with the sheet in Figure 2. Save the
file as “CleanseFileName.rb”.

Figure 2 - Adding a file to a folder group and target.

While this file could be placed in any folder group, these
exist for your benefit, so use them! Since this is a small project,
I'm choosing the “Supporting Files” group. You'd be equally
correct in creating an entirely new group and adding the file
there.

Check both targets, and click “Save.” The contents of the
CleanseFileName.rb file are pretty simple. (And again, please
note that this is not meant to be entirely exhaustive or specific
to any one file system.) See Listing 1 for the CleanseFileName
function.

Listing 1: CleanseFileName.rb 

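def CleanseFileName(path)
  # Characters we consider illegal => their replacements.
  # The entries for the other illegal characters are illegible in this
  # copy of the listing; the letter keys below are the best reading of it.
  illegal_map = {
    "." => ".",   # maps to itself so Regexp.escape never sees the period
    "l" => "1",   # l33t speak, easy to spot while testing
    "o" => "0",
  }

  # Only the last path component is cleaned, never the directory part
  filename = File.basename(path)
  dirname = File.dirname(path)

  # Mapped characters are replaced; all others pass through Regexp.escape
  filename.gsub!(/(.)/) { |c| illegal_map[c] || Regexp.escape(c) }

  path = File.join(dirname, filename)
  path
end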

We have covered all of these data types and loops in past
articles. If you're rusty on what they do, take the time to review
them now (via those articles or in your favorite Ruby book or
resource). In short, we define a map of characters we consider
to be illegal in a file name, and the replacements for each
character. We even throw in a little l33t speak for fun (and for
being obvious while testing). The only trick here is that we map
the period character to...a period. This is just a little hack that
gets around escaping the period character by the
Regexp.escape method.

Back in our AppDelegate method, we need to make some
changes. First, add the following require line to the very top of
the file, as we're going to depend on the find library:

require "find"

Then, update the main loop in the
performDragOperation function to the code in Listing 2.

Listing 2: Updated loop in performDragOperation 

for path in paths
  if File.directory?(path)
    # recurse into directory
    Find.find(path) do |f|
      # SetName(f) if not File.directory?(f)
      cleanpath = CleanseFileName(f)
      if f != cleanpath
        # Touches the file system: rename and log the change
        File.rename(f, cleanpath)
        NSLog("Renamed #{f} to #{cleanpath}")
      end
    end
  else
    # A single dropped file
    cleanpath = CleanseFileName(path)
    if path != cleanpath
      File.rename(path, cleanpath)
      NSLog("Renamed #{path} to #{cleanpath}")
    end
  end
end

Effectively, the only real change is that, unlike the original
code which just reported which paths had been dropped on the
view, we're calling our new CleanseFileName function. If there's
a change to the file name, we touch the file system and rename
it (and log the change using NSLog).

In action, we see two offending files in Figure 3:

Figure 3 - Two offending files being dropped on MrDND

Once dropped, you can watch them be renamed as it
happens. Don't blink! It happens fast. Figure 4 shows the
renamed cleaned files in the Finder.

Figure 4 - The newly cleaned files. Note the changes.

Remember that you can drop an entire folder onto the view
and it will recurse through the entire structure and rename all
offending files found within.

Conclusion

You now have a small application that can accept drag events,
get the list of files dropped on a custom view and operate on those
files. Congratulations! Of course, there's always room for
refinement, and we have plenty to do. While this code works in
most normal circumstances, we're not checking for errors and will
bomb on files that we don't have permission to rename. Also, we
don't give any feedback to the user as to what we're currently
doing while renaming. We'll continue to refine and attack these
issues next month.
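
The failure modes named above (no error checking, a crash on files that cannot be renamed) handled in one pass, as an added example that is not part of the original article. It is plain Ruby rather than MacRuby, and `cleanse_basename`, `safe_rename_tree`, the allow-list and the sample tree are assumptions made for illustration. It also goes beyond the article by refusing to overwrite an existing file and by renaming the deepest paths first.

```ruby
require "find"
require "tmpdir"
require "fileutils"

# Hypothetical allow-list policy for this example (not the article's map):
# every character outside this set is replaced with "_".
UNSAFE_CHARS = /[^A-Za-z0-9._\- ]/

def cleanse_basename(name)
  cleaned = name.gsub(UNSAFE_CHARS, "_")
  # Never hand back an empty name or the special entries "." and "..".
  return "_" if cleaned.empty? || cleaned == "." || cleaned == ".."
  cleaned
end

# Renames every entry below root whose basename changes under
# cleanse_basename. Returns [status, old_path, detail] triples where status
# is :renamed, :collision or :error.
def safe_rename_tree(root)
  entries = []
  Find.find(root) { |f| entries << f unless f == root }
  # Deepest paths first: a directory is renamed only after its contents,
  # so paths collected earlier never go stale. Ties are sorted by name to
  # keep the order deterministic.
  entries.sort_by! { |p| [-p.count(File::SEPARATOR), p] }

  entries.each_with_object([]) do |old, results|
    dir, base = File.split(old)
    target = File.join(dir, cleanse_basename(base))
    next if target == old

    # File.rename silently replaces an existing file, so refuse when two
    # names cleanse to the same result. (Check-then-rename is still racy if
    # another process writes to the directory at the same time.)
    if File.exist?(target) || File.symlink?(target)
      results << [:collision, old, target]
      next
    end

    begin
      File.rename(old, target)
      results << [:renamed, old, target]
    rescue SystemCallError => e
      # e.g. Errno::EACCES on a read-only directory: record it and carry on.
      results << [:error, old, e.class.name]
    end
  end
end

# Constructed sample tree for the demonstration.
def demo
  Dir.mktmpdir("cleanse") do |root|
    FileUtils.mkdir_p(File.join(root, "bad*dir"))
    File.write(File.join(root, "bad*dir", "in?ner.txt"), "inner")
    File.write(File.join(root, "report:final.txt"), "new")
    File.write(File.join(root, "report_final.txt"), "keep me")

    results = safe_rename_tree(root)
    {
      summary: results.map { |status, old, _| [status, File.basename(old)] },
      inner_moved: File.exist?(File.join(root, "bad_dir", "in_ner.txt")),
      kept: File.read(File.join(root, "report_final.txt"))
    }
  end
end

puts demo.inspect if __FILE__ == $0
```

The returned triples are what a GUI version would surface to the user instead of failing silently or stopping at the first file it cannot rename.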

Media of the month: Warzone: Anomaly by 11 bit studios.
This small development team from Poland has really hit on a good
game. It's a “tower offense” game available for iOS, Mac and PC.
I've just been having a great time playing this...you know, in my
copious free time!

Until next month, like I've said before, get some more Ruby
practice in on your own and don't be afraid to experiment. Hope
to see you and discuss MacRuby at MacTech Conference 2011!
Objective-C: a First Look



So you want to write a Cocoa or Cocoa 
Touch program, and you know C 

If you read my article from last month, you know at least
enough C to know where Objective-C is coming from. I
intentionally skipped a lot of syntax in favor of explaining
concepts.

This entry in the series is the same thing, but now we'll be
looking at Objective-C's other side: object-oriented programming.

I should note: There are many object-oriented languages,
each with different variations on OOP, so don't take this article
as defining the One True OOP. There is no right or wrong form
of OOP; every language has its own perspective on it. This series
is about Objective-C, so the OOP I'm describing here is
Objective-C's Smalltalk-influenced flavor.

Objective definitions 

Object-oriented programming is where Objective-C gets its
name. Objective-C extends C to include features—including new
syntax and keywords—to enable OOP.

OOP is exactly what its name says: You think about your
program in terms of, and build it from, objects. You build objects
by describing them in code, and put them together by describing
how they talk to each other.

Objects

If your program is a play, objects are the actors—or, better
still, the characters. Each object does some combination of
knowing things (state/data) and doing things (methods). Objects
communicate with each other by sending each other messages.

Messages 

A bunch of characters just standing around and acting
separately do not make for a very interesting play. For your
program to be at all useful and/or fun, your objects must talk to
each other. They do this by sending messages.

Every message has three parts:

• A receiver: The object you are sending the message to.

• A selector: The name of the message you are sending.

• Zero or more arguments.

And does one or more of three things:

• Ask the receiver of the message for some information (usually
another object).

• Provide the receiver with some information (usually another
object).

• Ask the receiver to do something.

Any code can send a message, but only an object can
receive a message—that is, you can only send a message to an
object, not to anything else. A C function can send messages to
objects, just as objects can, and an object can send itself
messages. Objects can also call functions, just as other functions
can, but that's not an Objective-C message; it is a function call
exactly the same as it would be in a plain C program.

Sending a message to an object is called message passing,
and it's how you invoke the methods of an object. Methods are
very much like C functions, but a method belongs to an object;
sending a message to an object is how you call the method's
implementation.

One important difference between methods and functions,
and between messages and function calls, is dynamic dispatch. A
function call is statically bound: your function call is hard-wired
to that function when you build your executable, so it will only
ever call that function, it will jump there directly, and the call will
go through every time. A message is dynamically bound
(dispatched): The method that will run is determined at the time
of the message, and no earlier.

Out of this comes another difference, this one between
function names and selectors. A C function's name only ever
refers to a single function, never to any other function. The
function name alone is enough to identify the function, so, in a
function call, it is the function name alone that determines which
function will be called.

A selector, on the other hand, is not enough by itself to
identify a method. It is only part of a message. The other part that
determines the method to be called is the receiving object. When
you send a message to an object, the Objective-C runtime library
looks inside the object to find what method it has for that
selector. If it finds one, then it calls that method.

This implies several things:

• Different objects will respond to the message differently. For
example, both NSString objects and NSData objects respond
to length messages, but each has its own implementation.

• It is possible not to find a matching method. When this
happens, you get an exception that looks like this: Object
<SomeClass 0xd3c2b1a0> does not respond
to selector calibrateFramistan. This is a
symptom of one of several possible bugs in your code.

• It is possible for the object to have no matching method, but
provide one upon demand. This is advanced usage that most
applications do not have a need for, but it does help
demonstrate how dynamic Objective-C can be.

The messages an object responds to are determined by the
methods that it possesses, which are provided by the object's
class.

Classes 

Objects are described by classes. If the objects are
characters, their classes are the script. Each class is sort of a
template description of an object; when you instantiate (create
an instance of) a class, the instance is an object that behaves the
way you wrote in its class.

In some places, you can treat classes as objects (you can, for
example, send messages to them), but most of the objects in a
program are instances. You can create as many instances as you
need, but a class exists no more than once. Like functions, classes
are identified by name alone, so there can't be two classes with
the same name.

Of all the things in Objective-C, classes correspond most
strongly to modules in C. In fact, classes in Objective-C typically
reside in a header file and a module file, each named after the
class.

The separation between interface and implementation is
even stronger in Objective-C than in C, as Objective-C requires
you to declare them in separate sections. As in C, the convention
is for the interface to go in the header file and the
implementation in the module file.

A class describes itself and its instances. For itself, a class
provides class methods; when you send a message to a class, a
class method is usually what will run. (Yes, usually. The
Objective-C documentation goes into more detail; for now, just
know that if you want to send a message to a class, you should
make sure the class has a class method to respond to it with.)

For a class's instances, it provides instance methods and
instance variables. Just like class methods do for messages to a
class, instance methods are what run when you send a message
to an instance. (While a message to a class may hit a class
method, a message to an instance will always either hit an
instance method or fail.)

Instance variables, also called ivars for short, are where an
instance keeps state and/or data. Like any other variable, an
instance variable is a container that you can put something, such
as an object, into. When you declare a variable, you declare its
type, which indicates what you can, should, and hopefully will
put in it.

A class also usually has a superclass, in which case it is said
to "inherit from" or "descend from" that class, and is called a
subclass of that class. Everything you declare in a class's interface,
including methods and instance variables, every subclass of that
class will inherit. When a class has no superclass, it's called a root
class; if you imagine a tree of classes, with subclasses branching
off from their superclasses, you can see why.

A subclass can provide its own implementations of methods
provided by a superclass; this is called overriding the superclass
implementation. The subclass implementation can call up to the
superclass implementation by sending a message to the special
keyword super. It doesn't have to be the same message you're
responding to (you can call the superclass's implementation of a
different method), but it's best to only send the same message;
doing otherwise will make your code confusing.

In some languages, a class can have more than one
superclass; this is called "multiple inheritance". Objective-C does
not have multiple inheritance: Each class either has no superclass
(is a root class) or has exactly one superclass.

When you use or subclass one of Apple's classes and want
to find how to do something in Apple's reference
documentation, don't forget to look in the documentation for the
class's superclasses. Apple does not redundantly document every
inherited method, except usually when the subclass changes the
method's behavior, so a method you need may actually be
implemented by and documented for a superclass of the class
you're working with.

Properties 

It's quite common for other code to either ask for something
from an object or give something to an object. The object
enables this by responding to accessor messages. A getter
message returns the current value, whereas a setter message
changes it. In Cocoa and Cocoa Touch, these should follow a
certain naming convention, which is described in Apple's
"Coding Guidelines for Cocoa" document.

Properties formalize this in a syntax that explicitly declares
a property, meaning a relationship to another object, and not just
a pair of methods named according to a certain convention. A
property declaration implicitly declares one or two methods (the
getter and setter, the latter being optional) and, most of the time,
an instance variable in which to hold the value.

The usual way to implement a property is to synthesize it.
When you do this, the compiler generates the instance variable,
getter method, and (if appropriate) setter method for you. The
main alternative is to write any or all of these yourself, which is
completely valid, as long as they match the declarations implied
by the property. You can even synthesize the property, then
implement one or both of the methods yourself; the compiler
will implement whatever you didn't.

I'm intentionally skipping a lot of details for now. I won't say
much more about properties in this article. Part 3 of this series
will show the syntax for declaration and synthesis in brief, and
Part 4 will go into much more detail on properties and a couple
of related topics.
Protocols

If you're coming from Java or .NET, you'll recognize these
under the name "interfaces". (Objective-C uses the term
"interface" for the public interface of a class.)

A protocol declares a list of methods and properties. It can
declare some as required (the default) and others as optional.

Classes can declare that they conform to one or more
protocols. When they do, the methods and properties listed in
the protocol implicitly become part of that class's interface; you
can expect any class that conforms to a protocol to implement
any required methods and properties declared by that protocol.

Subclasses inherit protocol conformance. If a class's
superclass conforms to a protocol, then all of its subclasses must
also conform to it. This is another thing to look for in
superclasses' documentation.

Unlike a class, you can't create an instance of a protocol. A
class describes a kind of object (specifically, instances of the
class), whereas a protocol describes a specific set of methods a
class or its instances must provide. Protocols are most often used
to enumerate responsibilities that a class or its instances must
fulfill.

A protocol also cannot list instance variables. A protocol lists
things that a conforming class must have in its interface; that only
makes sense for methods, which are part of the class's interface,
not instance variables, which are part of its implementation.

When you declare a class's conformance to a protocol, it
isn't necessary to declare everything declared by the protocol
again explicitly in the class's interface. Declaring conformance to
a protocol means that whatever is required by that protocol is
part of the class's interface; no further typing is necessary.

However, you should consider repeating the declarations of
any optional methods or properties from the protocol that you
implement, to make explicit that this class does choose to
implement those methods. Whether this is appropriate will
depend on the protocol and how you're using it; re-declaring
optional items is as optional as implementing them is. One bonus
from doing so is that you will get a warning for each optional
method you declared but forgot to implement.

Messages vs. methods vs. selectors 

A common point of confusion for people new to Objective-C
is the difference between a method, a selector, and a message.
These are three related, but nonetheless distinct, things.

• A method is the Objective-C analogue of a function. Classes
have methods, both for themselves and for their instances,
while functions stand alone.

• A message is to a method what a function call is to a function.
Sending a message to an object calls the appropriate method
(if the object has one—i.e., responds to the message).

• A selector partially identifies a method. When you send a
message, the two most basic parts of it are the receiver, which
is an object, and the selector. The method is found by looking
it up, by the selector, inside the object.


Selectors are also values, just like numbers and pointers. The
type of a selector is SEL. Every method has at least two
arguments, the first two of which are hidden:

• The receiver of the message, as an argument of type id
(pointer to an object) with the name self.

• The selector of the message, as an argument of type SEL
with the name _cmd.

• Any other arguments the sender provided, which must match
the arguments the method expects.

The two implicit arguments mean that, within a method, you can
refer to the object that is responding to the message as self
and, if necessary, you can refer to the selector of the message
as _cmd. It's usually not necessary to use _cmd; C's own
__func__ (which is a constant provided and defined by
the compiler, not a hidden argument) works better for most
purposes. self, on the other hand, you will use all the
time—specifically, any time you want your object to send a
message to itself.

Since selectors are values, you'll sometimes see methods that
take a selector as one of the explicit arguments. These methods
will usually take an object in another argument, the idea being
that you pass both an object to send a future message to, and a
selector that identifies the message to send.

Another common place to see a selector as a value is as the
value of a property. The "target-action" pattern in Cocoa and
Cocoa Touch is probably the most common example: the action
is one property in a pair, and its value is a selector. The target is
the other member of the pair, and its value is an object. Once
you've set both, the object with both of these properties—
commonly a control, such as a button—will, in some future
circumstance, send an action message with the appointed
selector to the appointed object.

When using either of these, you'll usually pass a literal
expression for the selector. A selector literal looks like this:
@selector(showFramistanList:). Note that despite
the parenthetical marks, this is not a function call—it isn't valid
to say "@selector" by itself, like you can with a function, and
the full expression is a single literal value, just like 42 or
"Hello".

Selectors follow a simple format:

• One or more segments, with a colon after each.

• If there is only one segment, there may be no colon after it,
in which case the selector must be a valid identifier (such as
foo or oo or foo_123) and a method that this selector
would match should expect no arguments (besides the
implicit self and _cmd).

• Otherwise, each colon (each segment) corresponds to an
explicit argument. Each segment may have an identifier name,
which is generally a good idea, but technically optional.

• The order of segments matters. foo:bar:baz:,
foo:baz:bar:, and bar:baz:foo: are different
selectors with no relation to each other. (Compare Python,
where a method foo—solely identified by that much—may
take arguments bar and baz in either order.)

Thus, these are all valid selectors:

• foo (takes no arguments)

• foo: (takes one argument)

• foo:bar: (takes two arguments)

And these are invalid:

• foo:bar (when there are multiple segments, every one
must have a colon after it)

• I am the very model of a modern Major-
General (not a valid identifier)

• (empty)

As with identifiers in C, case matters. foo is a different
selector from Foo. The usual convention is that each segment
has a lowercase initial letter, unless it's part of a set of initials
(such as "URL"), with every word's initial letter and every set of
initials capitalized. Examples from Apple's Foundation framework
include:

• length 

• writeToFile:atomically: 

• initFileURLWithPath: 

• URLWithString: 

A selector can refer to an instance method, a class method,
or both. There is no way to tell from a selector alone whether it
should be addressed to an instance or a class (or whether it even
matters—there are a few messages that all objects respond to).
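
The lookup described above (a receiver plus a selector, searched through the receiver's class and then its superclasses), modelled in Python as an added example; it is not code from this article and it is not Objective-C. The class names Root, StringLike and DataLike, the selectors describe and isSameAs:, and all helper names are hypothetical; the selector rules are the ones listed above.

```python
import re

# A bare identifier is a valid zero-argument selector ("length").
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
# Otherwise: one or more segments, each an optional identifier plus a colon.
SEGMENTED = re.compile(r"(?:(?:[A-Za-z_][A-Za-z0-9_]*)?:)+")


def selector_arity(selector):
    """Return the number of explicit arguments, or None if invalid."""
    if IDENTIFIER.fullmatch(selector):
        return 0
    if SEGMENTED.fullmatch(selector):
        return selector.count(":")      # one explicit argument per colon
    return None                         # "foo:bar", "", text with spaces


class DoesNotRespond(Exception):
    """Model of the error raised when no method matches the selector."""


class ModelClass:
    def __init__(self, name, superclass=None, methods=None):
        self.name = name
        self.superclass = superclass        # None marks a root class
        self.methods = dict(methods or {})  # selector -> implementation

    def lookup(self, selector):
        """Search this class, then each superclass, for the selector."""
        cls = self
        while cls is not None:
            if selector in cls.methods:
                return cls.methods[selector]
            cls = cls.superclass
        return None


class ModelObject:
    def __init__(self, cls, **ivars):
        self.cls = cls
        self.ivars = ivars                  # instance variables (state)


def send(receiver, selector, *args):
    """Dynamic dispatch: the method is chosen when the message is sent."""
    arity = selector_arity(selector)
    if arity is None:
        raise ValueError("invalid selector: %r" % selector)
    if arity != len(args):
        raise TypeError("%s takes %d argument(s)" % (selector, arity))
    imp = receiver.cls.lookup(selector)
    if imp is None:
        raise DoesNotRespond("<%s> does not respond to selector %s"
                             % (receiver.cls.name, selector))
    # The receiver and the selector are passed as the two hidden arguments.
    return imp(receiver, selector, *args)


def build_demo():
    """Two classes that answer 'length' differently; both inherit from Root."""
    root = ModelClass("Root", methods={
        "describe": lambda self, _cmd: self.cls.name,
        "isSameAs:": lambda self, _cmd, other: self is other,
    })
    string_like = ModelClass("StringLike", root, {
        "length": lambda self, _cmd: len(self.ivars["text"]),
    })
    data_like = ModelClass("DataLike", root, {
        "length": lambda self, _cmd: len(self.ivars["raw"]),
        "describe": lambda self, _cmd: "DataLike (overridden)",
    })
    text = "h\u00e9llo"                      # 5 characters, 6 bytes in UTF-8
    return (ModelObject(string_like, text=text),
            ModelObject(data_like, raw=text.encode("utf-8")))


if __name__ == "__main__":
    s, d = build_demo()
    print(send(s, "length"), send(d, "length"), send(d, "describe"))
```
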

Wrapping up 

Now you should have a handle on object-oriented
programming in Objective-C. To summarize:

• An "object" is an instance of a class (or, for a few purposes, a
class itself—but usually just instances).

• A class has both an interface and an implementation, which
exist in a header file and a module file, respectively.

• Objects talk to each other in messages.

• Every message includes the receiver of the message (an
object) and a selector, along with the explicit arguments (if
any).

• Any code, including functions, can send a message to an
object, and you can send messages to any kind of object,
including classes.

• An object's class determines which messages it responds to
(i.e., what methods it implements).

• An object's class also determines what properties and
instance variables it has—i.e., what other objects and values
it owns and knows about.

Next month, we'll continue this look into Objective-C by
digging into the syntax.
The Sandman
Cometh 

How Apple’s sandboxing 
security feature will affect 
your Mac apps now, 
and to come. 


Introduction 

We all live in a time when security is of paramount
concern. Whether it's our vehicles, our homes, or our places of
business, we are conditioned to think about things in terms of
safety and security. This is no less true of our use of computers
and mobile devices, which seem to be a fertile playground for all
sorts of hackery and nasty business these days. When it comes to
the major platforms, Apple has sported a veneer of
impenetrability; viruses, Trojan horses, and other malware only
happen on "that other platform." Although this perception has
been tarnished recently with reports of surreptitious software
targeting the Mac specifically, for the most part it still holds true.

Yet just because this has held true up to now doesn't
mean that it will continue to do so. Even with the Mac currently
having the advantage in the security department, it still makes
sense for Apple to try to stay ahead of the curve. Security threats
are always coming up and ever changing, and addressing them
head on can keep our favorite platform ahead and winning the
war. Such is the case with App Sandbox, Apple's technology that
we will be discussing in this month's Developer to Developer.

It's A Scary World Out There

When you think about security on your Mac, it is important
to consider how attacks against a computing system can occur.
All applications run as processes on Mac OS X. In turn, each
process runs with specific privileges based upon the type of user
(admin or otherwise), and these privileges are granted and
enforced by the operating system. Given that the kernel itself is
the traffic cop for the computer it is managing, it makes sense that
it should be the point at which operations are either allowed or
denied.

In its simplest form, an application can simply start up, do
some computation, and then exit. However, it is typically of little
value to simply do something without interacting with the user in
some way, either through showing visual information on the
screen, or accessing a file, or printing a document. These
interactions with the screen, or file system, or external devices
make our applications richer and more useful. They can also
make our applications more susceptible to attacks, allowing them
to be used as agents for more sinister purposes. Recognizing this
area of vulnerability and bringing in policies that can be enforced
is the essence of sandboxing.

Life's A Lot Like A Sandbox...

Apple's use of a sandbox as a metaphor for application
security makes a lot of sense when you think about how a
sandbox is constructed. It's a rectangular shaped structure
delineating a boundary, intended to keep material, in this case
sand, within the bounds of the specific area. A "clean" sandbox is
one that has only sand in the perimeter, and no sand outside the
perimeter. Now, think of your application in such terms, and you
can understand the intent of sandboxing: it strives to keep your
app in best behavior with the rest of the system by giving it a
well-defined set of boundaries in which it can work and play.

If you've been writing programs for a long time, life in the
sandbox world can be a little limiting. Most of us take it for
granted that we can access any file on the file system (assuming
permissions allow us to), use devices such as cameras and
microphones, open network connections over the Internet to
other computers, and even host our own servers. How can we
live without fopen() or read() to do I/O in C? That level of
freedom is restricted in a sandboxed environment, and it can feel
a lot like the walls are closing in on your application.

Those who have been doing iOS development are acutely
aware of the restrictions placed on their applications. Mac
developers, on the other hand, must become accustomed to this
brave new world, specifically if they want to reside in Apple's Mac
App Store. That's because starting in November, Apple has
announced that apps in the store will be sandboxed. That has a
lot of developers concerned about how their apps will behave in
such an environment, and rightly so. If an application does not
properly plan for sandboxing, it may find itself suddenly crippled
because services that once worked are now denied to it, and the
user experience suffers.

Entitlements To The Rescue 

With sandboxing, Apple's ultimate intent is to deliver security
at the application level. Obviously, Apple recognizes how
important it is for our applications to continue to do the things that
they always did to make them useful. Just because an application
runs under a sandboxed environment doesn't mean that it should
be restricted from accessing other files on the file system, or not
use the camera or microphone, or not open a network
connection. Our apps still need the freedom to do these things.

That freedom comes in the form of entitlements. An
entitlement is a grant, or allowance of a specific feature to an
application. Essentially, the application "asks" for permission to
open a network connection, or use a USB device, or gain access
to photos or music in a user's home directory. Apple performs
granting of these entitlements, and they will enforce this via the
review process after your app is uploaded to the Mac App Store.

Let's say your app needs to access the Internet to obtain
airport scheduling information on an airline's web service over
the Internet. For your application to gain access to that server, it
must declare use of the entitlement
com.apple.security.network to do so. Likewise, if your
app also needs to access the user's address book in order to book
a flight, this too requires an entitlement, specifically named
com.apple.security.personal-information.addressbook.
As you can see, the naming convention for entitlements uses the
reverse domain name notation, with the common prefix being
com.apple.security.

There are a number of entitlements that your app can apply
for, including access to external devices such as the microphone
(com.apple.security.microphone) and the camera
(com.apple.security.camera). It's easy to see why this is
the case: a program with the intent of doing bad things could use
a camera or microphone device to snoop or eavesdrop on users,
capture data, then either save it to a hidden file on the filesystem
or send it off to a server somewhere on the Internet.

While Apple provides a considerable number of
entitlements, there are certain operations that they have deemed
candidates for temporary entitlements. A temporary entitlement
is just that: it grants applications the ability to perform certain
operations for an unspecified amount of time. Such temporary
entitlements allow for sending of Apple Events, reading and
writing in the home directory or even using absolute paths, and
the ability to perform global Mach service lookups. These are
considered risky operations that Apple will apparently allow on a
case by case basis, since they reside outside the bounds of the
normal sandbox. Since the word temporary is present, it is
expected that these entitlements could be refined or even
completely disallowed in some future release of Mac OS X.

So given all this discussion on entitlements, where are they
stored? Entitlements reside in a file named, appropriately,
Entitlements.plist, which is created for you in Xcode 4. To do this,
simply select your target in Xcode 4 and then click the Summary
tab. From there, select the entitlements you wish to use in your
application from within Xcode 4, and check to enable
entitlements and App Sandboxing (see Figure 1). These actions
set the com.apple.security.app-sandbox key

Figure 1. Entitlements pane in Xcode 4

The Mac App Store review process will match up your
entitlements against your application's behavior to determine
whether or not your application makes it into the store, or is
rejected. And take note: asking for entitlements that your app
doesn't need may get your app disapproved, so be judicious in
the entitlements that you select. Make certain they are needed!

Files, Processes And The App 
Sandbox 

For most of us, accessing files on the local file system will be
the number one sandboxing issue that we will have to deal with.
Depending on how your application works, it may ask the user
to open a file, or save a file, via the ubiquitous file dialog box. For
sandboxing, Apple has introduced a process-based file dialog
called Powerbox. This is a separate process that is spawned when
the user wants to open or save a file. The process manages the
interaction with the file system through the open/save dialog, and
once a file is selected, your application is granted access to that
file. How you can access that file depends on your entitlement.
There are two entitlements: one for reading files
(com.apple.security.documents.user-selected.read-only),
and one for writing files
(com.apple.security.documents.user-selected.read-write).

If your application does not need to write documents, it
should only request the read-only entitlement. There are also
folder-specific entitlements available for applications to access
user folders including documents, movies, pictures, and music.

Another interesting restriction is the application's notion of its
viewable file system. Sandboxed applications will have full access
to a folder and its contents located in the user's
Library/Containers folder, but any file access outside of that
will require entitlements.


If your application forks processes, be aware: application
sandboxing is enforced by the kernel, and an application's
entitlements are inherited by any child process that it spawns
through the fork/exec functions. This does NOT, however, apply
to applications spawned by Launch Services using LSOpen() or
other methods or functions. Applications launched in this manner
will attain their own entitlements as specified by their entitlements
list.

Viewing Entitlements For Existing 
Apps 

If you have Lion, you can view the list of sandboxed apps
currently running on your system by launching Activity Monitor
and ensuring that the "Sandbox" column appears in the table, as
shown in Figure 2. You can also check for sandbox violations by
checking the Console application for any logging information
from the sandboxd daemon.

It is also helpful to see just what entitlements are being used
on existing sandboxed apps. Use the codesign command line
utility to inspect the entitlements for applications that are
sandboxed, like so:

$ codesign -d -v --entitlements - /Applications/TextEdit.app/
Executable=/Applications/TextEdit.app/Contents/MacOS/TextEdit
Identifier=com.apple.TextEdit
Format=bundle with Mach-O universal (i386 x86_64)
CodeDirectory v=20100 size=987 flags=0x0(none) hashes=41+5 location=embedded
Signature size=4064
Info.plist entries=30
Sealed Resources rules=11 files=10
Internal requirements count=1 size=344
??qq7<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.files.user-selected.read-write</key>
    <true/>
    <key>com.apple.security.print</key>
    <true/>
    <key>com.apple.security.app-protection</key>
    <true/>
    <key>com.apple.security.documents.user-selected.read-write</key>
    <true/>
</dict>
</plist>

Here, the TextEdit application is shown with the
com.apple.security.app-sandbox key set to true, along
with the four entitlements that it needs in order to perform its
duties. For a list of available entitlement keys, consult the Code
Signing and Application Sandboxing Guide, available from
Apple's documentation website.

Mitigating Risk With XPC Services 

Another direction that Apple is encouraging apps to take in
the name of security is XPC services. The idea behind XPC
services is that certain functionality in our applications can be
refactored into their own helper applications, doing one or
perhaps more specific things on behalf of any application. It's
similar to the object-oriented approach that we take in our
applications, except the functionality for an XPC service resides in
a separate process.

There is also a security aspect to using XPC services. Since
sandboxing is a process-wide enforcement mechanism,
entitlements apply to the entire process, not just parts of it. You
cannot say that this section of my code can have entitlement A
while another section can have entitlement B. It's all or nothing.

Breaking out functioniility into separate prCKesses allows a 
separate sandlx^x environment hr your main application and all 
of its helper processes, so different entidements can apply to 
different prognims. An example that Apple has provided in their 
material is an application that downloads a file from tiie Internet 
and dien compresses it. The application orchestrates the creation 
of the download task, which is a separate process that contaias 
entitlements to make a netw^ork connection -notliing else. Using 
some forni of interpnjt'ess communication (IPC), the download 
Risk then passes the acquired information to a compressor task 
whose job is to create a file with the compressed representation 
of die downloaded data. Hence, the download task only needs 
the entidement to write to a file chosen by the Save dialog. 

Tlie reasoning is that by breaking diis Rinctionality into 
separate processes and compartmentalizing functiomdity, it makes 
the overall application more secure. Since each XPC service Is a 
process, its own entidements are enforced by the kernel. There’s 
also another added benefit of XPC services: reuse of specific 
helper applications among a group of applications. Tliis can be 
very useful if you have functionality diiit spans a number of 
applications that you support. 
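
The per-process reasoning above can be checked mechanically. The following Python example is added here and is not code from the article or from Apple: it parses the entitlement blob that `codesign -d --entitlements -` writes to standard output (the `??qq` bytes in the TextEdit listing are its 0xfade7171 header) and flags any process that is unsandboxed or that holds network and file-write entitlements together. The process names and sample blobs are constructed, `com.apple.security.network.client` is used as the network entitlement of the download service, and the "both in one process" rule is an assumption chosen to mirror the download-and-compress example.

```python
import plistlib
import struct

# codesign prints the embedded-entitlements blob header before the XML:
# a 4-byte magic (0xfade7171, rendered as "??qq" in a terminal) followed
# by a 4-byte big-endian length that covers header plus payload.
ENTITLEMENTS_MAGIC = 0xFADE7171

SANDBOX = "com.apple.security.app-sandbox"
NETWORK_CLIENT = "com.apple.security.network.client"
USER_FILES_RW = "com.apple.security.files.user-selected.read-write"

NOT_SANDBOXED = "app-sandbox entitlement missing"
TOO_BROAD = "network and file-write entitlements in one process"


def parse_entitlements(raw: bytes) -> dict:
    """Return the entitlement dictionary from `codesign -d --entitlements -` output."""
    if len(raw) >= 8:
        magic, length = struct.unpack(">II", raw[:8])
        if magic == ENTITLEMENTS_MAGIC:
            raw = raw[8:length]  # drop the header, keep exactly the payload
    start = raw.find(b"<?xml")
    if start < 0:
        return {}  # nothing embedded: the code carries no entitlements
    return plistlib.loads(raw[start:])


def granted(entitlements: dict) -> set:
    """Keys whose value is boolean true, i.e. the capabilities requested."""
    return {key for key, value in entitlements.items() if value is True}


def audit(processes: dict) -> list:
    """Return (process, problem) pairs for a mapping of name -> codesign output."""
    findings = []
    for name, raw in processes.items():
        keys = granted(parse_entitlements(raw))
        if SANDBOX not in keys:
            findings.append((name, NOT_SANDBOXED))
        elif NETWORK_CLIENT in keys and USER_FILES_RW in keys:
            findings.append((name, TOO_BROAD))
    return findings


def make_blob(entitlements: dict) -> bytes:
    """Build a constructed sample blob in the layout described above."""
    xml = plistlib.dumps(entitlements)
    return struct.pack(">II", ENTITLEMENTS_MAGIC, 8 + len(xml)) + xml


# Constructed sample: one monolithic app versus the same work split into
# a download service and a compressor service, plus an unsigned helper.
SAMPLE = {
    "Monolith.app": make_blob(
        {SANDBOX: True, NETWORK_CLIENT: True, USER_FILES_RW: True}
    ),
    "Downloader.xpc": make_blob({SANDBOX: True, NETWORK_CLIENT: True}),
    "Compressor.xpc": make_blob({SANDBOX: True, USER_FILES_RW: True}),
    "LegacyHelper": b"",
}

if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(f"{name}: {problem}")
```

On a real system the byte strings would come from running codesign against the app bundle and each bundled XPC service and capturing standard output.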
Something To Keep You Up At Night

While app sandboxing has a lot of advantages and gives us
peace of mind, there are some downsides to implementing it,
especially for us as developers. The obvious elephant in the room
is whether or not Apple will eventually require all applications,
even those not purchased from the Mac App Store, to run in a
sandboxed environment. This remains to be seen. Obviously the
ramifications of such a move would be significant and
widespread. There are many apps that would require a good bit
of work to behave well with sandbox restrictions. While this
particular scenario hasn't been broached by Apple, it is something
to consider as time goes on.

Summary

It's obvious that sandboxing will become a more important
part of our work as application developers in the near and
longer term. Security is a moving target that doesn't stay still, so
we can expect more and more changes with regard to entitlement
availability and granularity. It's going to be interesting to see how
it all unfolds.

I would encourage you to examine your apps and identify
behaviors (file & network access, Apple Event use, etc.) that may
need to be addressed through the use of entitlements, even if your
app doesn't currently sell in the Mac App Store. If you have an
Apple Developer Account, I would also recommend viewing the
videos from WWDC 2011 entitled "App Sandbox and the Mac App
Store" and "Introducing XPC."

Bibliography and References 

Apple, Creating XPC Services,
http://developer.apple.com/library/mac/#documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingXPCServices.html

Apple, Code Signing and Application Sandboxing Guide,
http://developer.apple.com/library/mac/documentation/Security/Conceptual/CodeSigningGuide/CodeSigningGuide.pdf



About The Author 

Boisy G. Pitre is a senior software engineer with
Nuance Communications, where he works on
cutting edge speech recognition software for the
Mac. He holds a Master of Science in Computer
Science from the University of Louisiana at
Lafayette, and resides in the quiet countryside of
Prairie Ronde, Louisiana. Besides Mac
programming, his hobbies and interests include
retro-computing, ham radio, vending machine and arcade game restoration,
and playing Cajun music. You can reach him at boisy@tee-boy.com.



The Whys and Hows of Lion's Recovery HD

What is it, and why do we need it?

by Rich Trouton

One of the new features in 10.7 is the Lion Recovery feature.
The general idea is that, if your boot volume runs into trouble, you
can boot from the hidden Recovery HD partition on your hard
drive, or NetBoot from Apple's Lion Internet Recovery (only
available to Mac models introduced in July 2011 or later). Once
booted to the Recovery HD drive, you'll have access to all of the
tools you need to run diagnostics, repair your disk, restore from a
Time Machine backup, or even reinstall 10.7.

Since the average Mac admin has other tools available to boot
and fix the Mac, there are some questions about it that may arise,
like "Why is Recovery HD there?", "How do I create a Recovery HD
partition?", "Can I run without it and still be supported?" and "How
can I remove it?"

Why Recovery HD is there

The Recovery feature is there for a couple of reasons, one of
which is obvious and another that is not as obvious. The obvious
reason is that it provides a safety net that's always available for your
Mac to use. Even if your OS is non-functional, you can boot from
Recovery HD by holding down Command-R during startup. Once
booted from Recovery HD, you can use its tools to fix your Mac
or recover your data from a boot drive with problems to another
drive attached to your Mac. More important, as long as your Mac
has a connection to the Internet (and thus to Apple's servers), you
can reinstall an OS that will boot your Mac without having to hunt
for install media.

The non-obvious reason for Recovery HD has to do with
FileVault 2. FileVault 2 encrypts your boot partition, but your Mac
still needs an unencrypted space to boot to and allow access to the
encryption unlock tools. The Recovery HD partition serves as the
needed unencrypted space. The FileVault encryption process will
check before beginning the encryption to see if the Recovery HD
partition is there and will not start the encryption process if it's not
there.

Creating your own Recovery HD partition

One of the more mysterious processes in Lion is how the
Recovery HD partition is created in the first place. There's no
"Create Recovery HD" button in 10.7's Disk Utility and there's no
obvious command available to create it after the fact. This is
especially important when imaging, as a number of imaging tools
(Apple's NetRestore among them) don't create the Recovery HD
partition when laying down an image. Fortunately there's a way to
create a Recovery HD partition without having to install Lion
entirely.

Prerequisites:

- Install Mac OS X Lion.app from the Mac App Store

- A separate 3GB or larger drive on which to create the
Recovery HD partition

1. Wipe the drive and use Disk Utility to repartition with one
GUID partition. In my case, I named the drive RecoveryBuild.

2. Mount the InstallESD.dmg file from the Install Mac OS X
Lion.app

3. Open Terminal and dump the installation choices for a
standard OS install to an xml file by running the following
command:

installer -verbose -pkg /Volumes/Mac\ OS\ X\ Install\ ESD/Packages/OSInstall.mpkg -tgt /Volumes/RecoveryBuild -showChoiceChangesXML > /tmp/choices.xml

4. In whatever editing program you prefer, edit
/tmp/choices.xml so that all of the attributeSetting keys are set
to zero, except for the EssentialSystemSoftware and
EssentialSystemSoftwareGroup dicts, in which case the
attributeSetting key is left at 1. This is to speed the process up a
bit by not installing all of the packages.

5. In Terminal, run the installer command with the modified
choices.xml file:

sudo installer -verbose -pkg /Volumes/Mac\ OS\ X\ Install\ ESD/Packages/OSInstall.mpkg -tgt /Volumes/RecoveryBuild -applyChoiceChangesXML /tmp/choices.xml

What this process does is to install a fully functioning
Recovery HD partition and leave a non-functional Lion installation
on the main partition. Once you have the Recovery HD partition
created, you can deliver an image with NetRestore or another
imaging tool to the main partition.
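
Step 4 can be scripted rather than edited by hand. The following Python example is an addition to the article, not the author's code. It assumes the file written by -showChoiceChangesXML is a property-list array of dictionaries carrying choiceIdentifier, choiceAttribute and attributeSetting keys; the sample data is constructed, and the identifiers beginning with "Example" are made up.

```python
import plistlib
import sys

# The two choices the article leaves at 1.
KEEP = frozenset({"EssentialSystemSoftware", "EssentialSystemSoftwareGroup"})


def trim_choices(xml_bytes: bytes, keep=KEEP):
    """Zero every attributeSetting except those belonging to kept choices.

    Returns (new_plist_bytes, number_of_entries_changed).
    """
    choices = plistlib.loads(xml_bytes)
    if not isinstance(choices, list):
        raise ValueError("expected a plist array of choice dictionaries")
    changed = 0
    for entry in choices:
        if not isinstance(entry, dict) or "attributeSetting" not in entry:
            continue  # leave anything unexpected untouched
        if entry.get("choiceIdentifier") in keep:
            continue  # EssentialSystemSoftware* stays as dumped
        if entry["attributeSetting"] not in (0, False):
            entry["attributeSetting"] = 0
            changed += 1
    return plistlib.dumps(choices), changed


def summarize(xml_bytes: bytes) -> dict:
    """Map (choiceIdentifier, choiceAttribute) to attributeSetting for review."""
    return {
        (e.get("choiceIdentifier"), e.get("choiceAttribute")): e.get("attributeSetting")
        for e in plistlib.loads(xml_bytes)
        if isinstance(e, dict)
    }


def _choice(identifier: str, setting: int, attribute: str = "selected") -> dict:
    return {
        "attributeSetting": setting,
        "choiceAttribute": attribute,
        "choiceIdentifier": identifier,
    }


# Constructed sample in the assumed layout.
SAMPLE = plistlib.dumps([
    _choice("EssentialSystemSoftware", 1),
    _choice("EssentialSystemSoftwareGroup", 1),
    _choice("ExamplePrinterDrivers", 1),
    _choice("ExampleFonts", 1),
    _choice("ExampleLanguages", 0),
])

if __name__ == "__main__":
    # usage: python trim_choices.py /tmp/choices.xml
    path = sys.argv[1]
    with open(path, "rb") as fh:
        data, count = trim_choices(fh.read())
    with open(path, "wb") as fh:
        fh.write(data)
    print(f"set {count} attributeSetting values to 0 in {path}")
```

Running summarize on the file before step 5 gives a quick check that only the two EssentialSystemSoftware entries remain enabled.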

Running Lion without a Recovery HD Partition

It is possible to install Lion without having an accompanying
Recovery HD partition created. Two Apple-identified scenarios
where the Recovery HD partition may not be created are the
following:

- The disk you are installing Lion on is a RAID volume

- The disk has a non-standard Boot Camp partition setup,
where further partitioning was performed after running Boot Camp
Assistant, or the configuration that Boot Camp Assistant created was
manually modified.

Apple will support a Mac that's running Lion without a
Recovery HD partition, but it would not be possible to encrypt that
drive with FileVault 2. In the event that you would need the utilities
that Recovery HD provides, Apple recommends having another
drive with a Recovery HD partition available.

Removing Recovery HD

In the event that you decide you don't need to have a
Recovery HD partition on your Mac(s), it can be removed by
running a few commands in Terminal.

1. To get the identifier of the Recovery HD disk partition, run
the following command:

diskutil list

You should see output similar to Figure 1:

/dev/disk0
   #:  TYPE                   NAME          SIZE
   0:  GUID_partition_scheme                *500.1 GB
   1:  EFI                                  209.7 MB
   2:  Apple_HFS              Macintosh HD  499.2 GB
   3:  Apple_Boot             Recovery HD   650.0 MB

Figure 1 - diskutil listing showing recovery partition.

In this case, the identifier is disk0s3.

2. Next, use the identifier to erase the
Recovery HD partition and rename it as
a drive named RemoveMe:

diskutil eraseVolume HFS+ RemoveMe disk0s3

3. If desired, you can run the
following command to reclaim the space
by merging your main and recovery
partitions together.

diskutil mergePartitions HFS+ "Macintosh HD" disk0s2 disk0s3

Note: When merging two or more partitions, always make sure
to have a current backup of your data.

Conclusion 

With any new OS comes changes, and Lion has produced a
number of them for Mac admins to work on and work with. The
Recovery HD partition is one that your users will hardly see, but
may prove to be a significant factor in your deployment strategies
for Lion. Hopefully the information provided should help you
decide whether or not to include Recovery HD when you roll out
Lion in your own environment.
Mugginsoft LLP



Introduction 

KosmicTask is an integrated scripting environment for OS X
that makes it easy to develop, test and share script based tasks
across a network. At its most abstract, a task is simply a named
operation performed at the request of a user. At its most particular
it is a carefully authored sequence of instructions in a designated
scripting language. The KosmicTask environment provides
facilities that help users to locate and execute the functionality they
need and allows authors to create and update tasks in response to
user requirements.


Figure 1. KosmicTask executing a file duplication task on a remote
machine.


A task may have a number of defined inputs of specific types
(text, number, file etc) and may return a result to the user.
KosmicTask supports simple text based results but also features
extensive support for complex data results that can be saved in
various common formats. Complex results can also be used to
return entire files, which means that highly effective file processing
tasks can be written in any of the supported scripting languages.

A default installation of OS X provides access to a wide range
of scripting languages and KosmicTask provides plug-in support
for all of them (the shells, AppleScript, Java, JavaScript, Perl, PHP,
Python, Ruby and Tcl). In addition, the application also includes a
number of embedded language plug-ins that greatly extend
scripting possibilities (C, C++, Lua, F-Script, JSCocoa and
LuaCocoa). It is hopefully obvious that KosmicTask takes a pretty
liberal view of what constitutes a viable scripting language and
Kosmic logic says that it has very little to do with the language
itself and common usage patterns and everything to do with
accessibility. Thus, while the likes of C++ will never rival Bash or
Perl as a general system administration language, KosmicTask
provides traditional scripting ease of use to a robust interpreted
C++ implementation that makes experimenting with and learning
about C++ enjoyable and instructive.

In addition to providing additional language plug-ins, the
application also provides a means of extending what can be
achieved with scripting through the use of several Cocoa bridges.
The Cocoa framework provides the broad underpinnings of the
majority of OS X applications and provides a wealth of
functionality that can be called upon to build genuinely powerful
tasks. An additional benefit provided by the Cocoa bridges is that
they provide access to an alternative means of automating
applications. OS X includes long standing support for application
automation via AppleScript which, although highly capable, is
undoubtedly idiosyncratic. The Scripting Bridge is an OS X
technology that permits scripting languages other than AppleScript
to engage in application automation.

Target Audience

The concept of a computational task is universal and the
intended target audience is correspondingly broad. System
administrators will find that the application offers a secure means
of providing script based maintenance and tasks can be created,
edited and executed remotely. The file transfer and automation
support features will appeal to commercial and creative users who
wish to share or centralize file processing operations. Software
professionals can build libraries of executable code samples and
quickly prototype design ideas. The application also makes a great
platform for implementing the sort of remote data acquisition
projects commonly encountered in science and technology.

Non-technical end users will obviously benefit from accessing
tasks targeted to their needs and team managers can easily review
the available tasks to ensure that common processing and
workflow functionality remains relevant and up to date.

The application is also a great place in which to learn about
scripting and experiment with different approaches and solutions.
The Internet provides access to vast amounts of downloadable
script code in a plethora of source languages. KosmicTask makes
it practical for anyone, from the determined home user to the
gnarled sysadmin, to take relevant source material in a perhaps
unfamiliar scripting language and customize it to their needs.


Task User Overview 

From a user's point of view, a task is a resource that exists
somewhere on the network and somehow or other does what
needs to be done. KosmicTask features a familiar iTunes like multi-tabbed
user interface with the following features:

Network task browser. Users can browse connected machines
for suitable tasks or use the Spotlight powered search facility to
search across all tasks available on the network. Tasks can be
displayed according to group membership or alphabetically.

Automatic network discovery. Bonjour is used to ensure that
users have access to available task resources as machines
connect and disconnect from the network.

Secure task sharing. Tasks can be made accessible to all network
users or only to those who can authenticate. Network data
privacy is accomplished using TLS.

Support for multi-tasking. Multiple tasks can be run
simultaneously in individual tabs or tasks can be detached into
individual windows.

Comprehensive history retention. Each tab retains a detailed
history of all the tasks executed within it and all results
generated. An application wide history facility retains a long-term
record of task activity that can be used to recall previously
executed tasks and their inputs.

Figure 2. Simultaneously calculating PI to 10,000 places on 3 different
machines.

Tasks are executed on the machines that host them. This is
often an essential requirement when dealing with application
automation as the target application has to be locally accessible.
Tasks may generate results, such as text, imagery or files, all of
which can be browsed and saved to disk or forwarded to other
applications. For a comprehensive explanation of all aspects of the
user interface see the online help book at
www.mugginsoft.com/kosmictask/help.

Task Author Overview 

From a task author's point of view a task is a piece of
functionality that makes use of particular scripting technologies.
Most IT and computer professionals will have a preferred set of
skills, tools and resources to call upon whilst non professional task
authors will most likely start with some scavenged example code.
KosmicTask includes a range of author features that will appeal to
experienced and novice authors alike:

Sample tasks and templates. The application includes a number
of fully functional sample tasks in a range of scripting
languages. A powerful template facility provides a range of
short templates for each of the supported scripting languages
that demonstrate how to implement key pieces of functionality
(how to access arguments, how to return a file, how to
automate an app, etc). These templates serve as starting points
for new tasks and as essential reference material.

Intuitive task editing and testing. The task editor provides a
simple environment in which to define tasks, edit code and
perform test executions. The code editor features language
aware syntax coloring and, if appropriate, a build stage may be
invoked to check for syntax errors or perform compilation.

Zero configuration building. Most tasks can be created without
any configuration, especially if they are based on a template.
Any build or runtime configuration that is required can be
applied at the level of an individual task or as a language
default.

Remote access. Authors who can authenticate as a valid OS X
user on a network instance of KosmicTask can create and edit
tasks remotely. This provides an efficient means for configuring
tasks on shared application servers and for providing remote
task support.

Integrated resource browser. The resource browser provides
access to application supplied templates, documentation and
language configuration settings. In addition, task authors can
define their own templates and create additional
documentation.

Figure 3. Application resource browser displaying the list of LuaCocoa templates.

Hello Kosmos! 

That's it for the formal introductions! Now it's time to get
personal and saying hello is a typically terrestrial way to begin.
First, if you don't already have KosmicTask, you should download
the latest version from
http://www.mugginsoft.com/kosmictask/download. To create a new
task from within KosmicTask select the Admin button from the
Task View control (if you have selected a shared instance of
KosmicTask then you will be asked to authenticate). In the Task
section of the edit window we assign a name, group and various
other properties to our task. We may also optionally define a
number of task inputs. Selecting the Edit button will display the
code editor and because our task is currently empty the template
sheet will be displayed. We navigate to the Ruby application
templates and select the Hello kosmos item as follows:

Listing 1: Doing the introductions in Ruby

# send result to stdout
puts "Hello, kosmos!"

Every supported scripting language features a similar Hello
kosmos template that simply returns a string of characters to the
user when the task is executed. In the case of Ruby and other
traditional command line scripting languages, this is achieved
simply by printing or explicitly sending data to stdout. In addition
to generating results, many tasks will require input. KosmicTask
provides a number of standard input types, any number and
combination of which can be defined as the input set for a
particular task. The following example simply echoes the first task
argument back to the user:

Listing 2: Echo a task input in Ruby

# echo first command line argument to stdout
puts "#{ARGV[0]}"

If we define a textual or numeric input for our task then the
above template will simply echo that exact input back to the user.
However, if we define a file input and select a text file, say
test.txt, then the result of executing the above template will be
something like:

/Users/Jonathan/Library/Caches/com.mugginsoft.kosmictaskserver.files/CVxLZ5/test.txt

This reveals that the contents of our input file have been
copied into a temporary cache (note that the original file name is
preserved). This behavior enables input files sent from both local
and remote machines to be accessed locally by our task script. It
also has the additional benefit of ensuring that tasks operate on
copies of input files and not on originals. Echoing the actual
content of our input file is a relatively simple matter:

Listing 3: Echo a task input file in Ruby

# echo first command line argument to stdout
path = ARGV[0]

puts "input file path = #{path}"

open(path) {|f|
  # echo content even if the file is empty.
  puts "input file content = #{f.read}"
}

Some tasks may only require input files, but to compose a fully
functioning file processing task we will need to return a file to our
user. In order to do this our task will have to return a complex
result.

Complex Result Handling 

Tasks can generate two types of results:

Simple Result. A simple result is a string of characters
representing either a block of text or a textual representation
of a number or other object such as a date. All of the supported
scripting languages can return simple results.

Complex Result. A complex result is a structured object that
contains one or more parts and can retain type information for
each part. Complex results may also incorporate styling
information that can be used to format the displayed result. All
of the supported scripting languages can generate complex
results.

In the examples above, our Ruby powered tasks returned
simple textual results by printing to stdout. In order to generate a
complex result, we format our result using YAML, a flexible,
human-readable data serialization format. The next example
returns a list (aka an array) of the solar terrestrial planets:

Listing 4: A complex block YAML result in Ruby

# return a YAML block format list
puts "---"
puts "- Mercury"
puts "- Venus"
puts "- Earth"
puts "- Mars"

YAML also defines an optional inline formatting style (which
is equivalent to JSON):

Listing 5: A complex inline YAML result in Ruby

# return a YAML inline format list
puts "---"
puts "[Mercury, Venus, Earth, Mars]"

Complex results can be sorted and/or exported in various
data formats. As well as defining a list, a complex result can return
a dictionary (aka a hash, map or associative array) of keyed items
and it is this facility that we will use to send the content of a file
as part of our task result. The following example takes a screenshot
and returns the captured image file as part of the result:

Listing 6: Returning a result file in Ruby

# file created in task current directory will be automatically deleted
file = "capture.png"

# capture screen shot to file
system "screencapture -t png " + file

# return a YAML inline format dictionary with filename
puts "---"
puts "{kosmicFile: #{file}, kosmicInfo: file returned}"

Figure 4. A complex result displayed as text, as a plist and as an outline.

The key point to note here is the use of the kosmicFile
dictionary key. KosmicTask parses every task result and when it
encounters the file key it appends the content of the file to the
result response. The kosmicInfo key merely identifies a message
to accompany the file. Now we are in a position to compose a task
that accepts a text file as input and generates a processed file as a
result:

Listing 7: File processing in Ruby

# get the input file path
path = ARGV[0]

# read the input file text
data = ""
open(path) {|f| data = f.read}

# write the reversed data to a file in the current directory
open("reverse.txt", "w") {|f| f.write(data.reverse)}

# return our processed file
puts "---"
puts "{kosmicFile: reverse.txt, kosmicInfo: file content reversed}"

The example above returns a single file. To return multiple
files we simply return a list of filenames as opposed to a single
filename. The following example simply returns 3 identical copies
of the input file:

Listing 8: Returning multiple files in Ruby

# get the input file path
path = ARGV[0]

# return 3 duplicates of our input
puts "---"
puts "{kosmicFile: [#{path}, #{path}, #{path}]}"

It's nearly time that we left planet Ruby. Before we go we will
consider one last point. The examples above demonstrate the use
of YAML for complex result structuring within the context of Ruby,
but it is important to note that the same principle applies to many
of the other supported scripting languages including all the shells,
C, C++, Java, JavaScript and more. In actual fact, explicit YAML is
provided as a fallback position for languages such as the shell
script languages that often do not support native structured data
formats. Although directly outputting YAML is functional, it is
hardly elegant and in many languages, including Ruby, it can be
avoided altogether by the use of a KosmicTask controller object.
This approach enables our task to return a native data structure as
a result rather than having to generate YAML. A controller object is
made available to every suitable task and works by automatically
serializing the native data structure into the appropriate YAML,
using the printObject method, before sending it to stdout. The
example below generates a complex native Ruby result containing
a list of dictionaries:

Listing 9: Returning a native complex result in Ruby

# access the controller
require "KosmicTaskController"

name = "name"
radius = "radius"
moons = "satellites"

# Mercury
satellites = Array["none"]
Mercury = Hash[name => "Mercury", radius => 2440, moons => satellites]

# Venus
satellites = Array["none"]
Venus = Hash[name => "Venus", radius => 6052, moons => satellites]

# Earth
satellites = Array["moon"]
Earth = Hash[name => "Earth", radius => 6371, moons => satellites]

# Mars
satellites = Array["Phobos", "Deimos"]
Mars = Hash[name => "Mars", radius => 3396, moons => satellites]

# assemble the solar terrestrial planets
Planets = []
Planets.push(Mercury)
Planets.push(Venus)
Planets.push(Earth)
Planets.push(Mars)

# print native object as YAML
KosmicTaskController.printObject(Planets)

Results can be opened in separate result windows and
displayed in various formats (Figure 4).

Farewell dear Ruby! 

Now, I like Ruby and you probably like Ruby but, having
established some basic Kosmic principles, it's time to move on. The
KosmicTask language plug-in architecture supports two process
models when it comes to executing tasks. Traditional command
line based languages run out-of-process with the task runner that
executes each task. Other scripting languages run in-process with
the task runner and this affects them in two distinct ways:

Input handling. In-process tasks can send their inputs as named
parameters to a specific function. This makes accessing and
identifying inputs easy.

Result handling. In-process tasks can generally return native data
structures as objects without having to resort to YAML or utilize
a controller. In the case of the Cocoa bridges (PyObjC,
RubyCocoa, JSCocoa, etc) it also means that tasks can return
native Cocoa objects as results. That last bit is, in my book, a
humdinger.

Now, I don't like AppleScript and you probably don't like
AppleScript but the fact is that it is the primary automation
language for OS X. AppleScript runs in-process so the points
outlined above apply to the following example, a duplicate of our
previous file processing task:

Listing 10: File processing in AppleScript

on KosmicTask(theFile)
	try
		-- read the input file text
		open for access theFile
		set fileContents to (read theFile)
		close access theFile

		-- get a result file object from KosmicTask.
		-- the file will be automatically deleted when the task ends.
		tell application "KosmicTask"
			set resultFile to result file with name "reverse.txt"
		end tell

		-- reverse file content and write to file
		set fileContents to reverse of characters of fileContents as text

		open for access resultFile with write permission
		write fileContents to resultFile
		close access resultFile

		-- return our processed file
		return {kosmicFile:resultFile, kosmicInfo:"file content reversed"}

	on error errorMessage number errorNumber
		return {kosmicError:errorMessage}
	end try
end KosmicTask

So in this case, our task entry point is defined by the
KosmicTask function and its single named input argument (the
actual name of the entry point function can be configured in the
task settings if required). Our file is processed as before and
returned within a record, the AppleScript equivalent of a dictionary
(it's a coincidence that the AppleScript record syntax looks a lot
like inline YAML). We also use the kosmicError key to explicitly
flag an error. And at this point it might be a good idea to think a
bit more about file handling.

We have already mentioned that input files get copied to a
cache and in our file processing examples we created new files
and returned them as results. A natural concern would be that a
busy task server would soon accumulate a lot of file detritus left
over from task executions. However, there is nothing to worry
about. Cached input files are deleted as soon as the task ends and
as long as the task creates new temporary files in the
recommended manner they will also be deleted when the task
completes. This last behavior is process type dependent:

Out-of-process tasks. Prior to execution a temporary directory is
created for the task and set as the current directory. Any files
written to the current directory are considered transient. When
the task ends the entire temporary directory is removed.

In-process tasks. Tasks generally have access to a controller
object that responds to the resultFileWithName method
and returns a transient temporary file path. AppleScript,
however, targets the application itself, as can be seen in the
previous example.

Files received by a user as part of a result remain available to
be permanently saved until the task tab or window referencing
them closes, at which point they are deleted. AppleScript would
not be a first choice for tasks involving complex file operations but
it is good at automation, so here is an example that includes both.
It accepts a Pages '09 text-only document as input and returns an
equivalent HTML file (this is accomplished by saving the Pages
document as Rich Text Format first and then using the textutil
command line utility to convert the RTF to HTML):

Listing 11: Automation in AppleScript

on KosmicTask(pagesDocFilePath)

    -- we need a path to save our RTF document file into.
    -- the easy way is simply to append .rtf to our existing file path
    set rtfDocFilePath to pagesDocFilePath & ".rtf"

    -- save our pages document as RTF
    tell application "Pages"
        set myDoc to open pagesDocFilePath
        save myDoc as "SLDocumentTypeRichText" in rtfDocFilePath
        close myDoc saving no
    end tell

    -- get a result file object from KosmicTask.
    tell application "KosmicTask"
        set resultFile to result file with name "result.html"
    end tell

    -- the shell script below will expect a POSIX path
    set posixPath to POSIX path of file resultFile

    -- build an RTF to HTML convertor command
    -- (quoted form of keeps spaces and quotes in the paths from
    -- being interpreted by the shell)
    set command to "textutil -convert html -output " & quoted form of posixPath
    set command to command & " " & quoted form of rtfDocFilePath

    -- do command via shell
    do shell script command

    -- return result
    return {kosmicFile:resultFile, kosmicInfo:"html file returned"}
end KosmicTask

That's it, I can't take planet AppleScript any longer, I'm off!

Automation via Dark matter 

The dark matter in question here is primarily Cocoa (a
collection of application orientated frameworks written in
Objective-C). Now, most script authors probably don't know much
about bridging, a technology that allows one language to
communicate with another. And there is no doubt that Cocoa and
its associated supporting frameworks are complex but there is very
extensive documentation available to sustain the curious. However,
KosmicTask exists to make things accessible so we won't worry
too much about how hard stuff can be.

The ScriptingBridge is an OS X technology for automating
applications via Objective-C. JSCocoa is a bridge between
JavaScript and Objective-C. Put these two things together and you
have a means of automating applications from JavaScript. The
following example is a duplicate of our Pages '09 to HTML file
processing task:

Listing 12: Automation in JavaScriptCocoa (JSCocoa)

// load the ScriptingBridge framework
loadFramework("ScriptingBridge")

function kosmicTask(pagesDocFilePath)
{
    // use the ScriptingBridge framework to access the application
    var app = SBApplication.applicationWithBundleIdentifier('com.apple.iWork.pages')

    // rtf file path
    var rtfDocFilePath = pagesDocFilePath + ".rtf"

    // open pages
    var myDoc = app.open(pagesDocFilePath)

    // save document
    myDoc.saveAs_in("SLDocumentTypeRichText", rtfDocFilePath)

    // close document
    myDoc.closeSaving_savingIn(false, null)

    // form our file result path
    // this file will be automatically deleted when the task ends.
    var resultFile = KosmicTaskController.resultFileWithName('result.html')

    // run RTF to HTML convertor as an external process
    // (arguments are passed as an array, so no shell parses the paths)
    var args = ["-convert", "html", "-output", resultFile, rtfDocFilePath]
    var task = NSTask.launchedTaskWithLaunchPath_arguments("/usr/bin/textutil", args)
    task.waitUntilExit

    // return result dictionary
    return {kosmicFile: resultFile}
}

Application automation is often tricky due to the opacity of
many application dictionaries and the ScriptingBridge has some
undoubted foibles of its own but the approach is feasible. The
online application help book demonstrates how to translate the
above automation example into Ruby, Python, Lua, F-Script and
AppleScriptObjC.

One interesting point to note in the above listing is the use of
NSTask, a Cocoa foundation class for running subprocesses.
Traditional JavaScript has no facility whatsoever for running
external programs so in this case the bridge really extends what is
possible with the language.

Conclusion++ 

Hopefully this brief introduction to KosmicTask has been
instructive and will encourage you to explore some of the great
scripting technology that is available for OS X. KosmicTask makes
extensive use of plug-ins and much of the application
functionality, including language support, is implemented in this
way. This architecture allows developers and more ambitious users
to add support for additional scripting languages and data export
formats. This is a topic that we will return to in a future article.

We conclude with a final particle of code. Way back in the
introduction we made a reference to scripting in C++ and the CINT
interpreter used by KosmicTask was developed at CERN, where,
on Earth in 2011, the hunt is on to determine whether the Higgs
boson exists or not. The following task sometimes outputs an
appropriate quip with regard to the reality of the elusive boson
(and incidentally demonstrates how to style a compile result with
css by using the kosmicStyle result key in combination with
the kosmicData key):

Listing 13: Fancy Higgs boson quip generation in C++

#include <cstdio>
#include <cstdlib>
#include <ctime>
#include <string>

using namespace std;

class HiggsQuip {
public:
    HiggsQuip() {

        // quips
        string quipBoson("I told you so, says Peter, humming contentedly.");
        string quipNoBoson("Take down that damn bunting.");

        // css
        string cssBoson("color:green; font-style:italic; font-size: 72px;");
        string cssNoBoson("color:red; font-weight: bold; font-size: 72px;");

        // simple boson detector (no big magnets required)
        srand((unsigned) time(0));
        int bosonDetector = rand() % 100 + 1;
        string quip = (bosonDetector >= 50 ? quipBoson : quipNoBoson);
        string css = (bosonDetector >= 50 ? cssBoson : cssNoBoson);

        // tell the world, it's ...
        // (the result is printed as an inline YAML dictionary)
        printf("{kosmicData: \"%s\", kosmicStyle: \"%s\"}", quip.c_str(), css.c_str());
    }
};

int main(int argc, char *argv[])
{
    HiggsQuip hquip;
    return 0;
}

KosmicTask scans the result for the kosmicStyle key,
interprets it as CSS and applies the defined styling to the contents
of the kosmicData key. And today, here at least, the conclusive
answer to the boson issue is:

Figure 5. Task edit window displaying a complex result styled with CSS.


Web links

KosmicTask download: http://www.mugginsoft.com/kosmictask/download
KosmicTask help book: http://www.mugginsoft.com/kosmictask/help
JSCocoa site: http://inexdo.com/JSCocoa
CINT C++ site: http://root.cern.ch/drupal/content/cint
Cocoa ref: http://developer.apple.com/technologies/mac/cocoa.html
ScriptingBridge ref: http://developer.apple.com/library/mac/#documentation/Cocoa/Conceptual/ScriptingBridgeConcepts


By Mihalis & Dimitris Tsoukalos


Introduction 

This is another article in the series of articles about
WireShark. This article presents a real problem that was
resolved using WireShark and mainly involved two DHCP
servers and the DHCP protocol. The problem symptoms were
very bizarre.

The network data presented here is from a simulation of
the actual problem. We never publicly publish actual network
data due to security reasons.

The DHCP Protocol 

DHCP stands for "Dynamic Host Configuration Protocol,"
and is a protocol that provides configuration information to
hosts on TCP/IP networks. DHCP is based on BOOTP (the
Bootstrap Protocol) and extends it by adding more capabilities.
DHCP and BOOTP protocols both use the UDP protocol with
UDP ports 67 and 68.

Most of the time, DHCP provides the following
information: IP address, Subnet mask, DNS servers and Default
gateway although it is capable of giving many more
configuration parameters.

DHCP supports, among others, the following basic
messages:

DHCPDISCOVER: the client that searches for a DHCP
server sends this message. It is a broadcast message (this means
that it is sent to a LAN only using the MAC address of the client
because the client does not have an IP address yet).

DHCPOFFER: when a DHCP server receives a
DHCPDISCOVER message, it responds with a DHCPOFFER
message.

DHCPREQUEST: The DHCPREQUEST message comes
from a client, and provides information to the chosen DHCP
server even if there is only one offer.

DHCPACK: this message is the response of the chosen
DHCP server. It includes all the required configuration
information.

Figure 1 shows a normal DHCP transaction that involves
the Airport wireless card of an iMac and an ADSL router that
also acts as a DHCP server.

The first packet is the DHCPDISCOVER message from the
iMac searching for a DHCP server. Since the iMac does not have
an IP address yet, the source IP of the packet is 0.0.0.0 and the
destination IP is the broadcast IP (255.255.255.255). What
distinguishes the Airport card of the iMac from the other
network devices found in the same LAN is the MAC address of
the Airport card, which is unique. Therefore the
DHCPDISCOVER message should include the MAC address of
the device requesting a DHCP server.

The next message is the DHCPOFFER from the DHCP
server with IP 192.168.1.1 and is a broadcast message since the
iMac still has no IP address.

Then the iMac requests from the DHCP server the offered
configuration parameters with the DHCPREQUEST message.
Next, the DHCP server sends a DHCPACK message back to the
iMac that includes the configuration parameters. From now on,
the iMac can use the offered configuration information and any

Filter: bootp

No.  Time      Source       Destination      Protocol  Info
1    0.000000  0.0.0.0      255.255.255.255  DHCP      DHCP Discover - Transaction ID 0x997942a1
6    0.134751  192.168.1.1  255.255.255.255  DHCP      DHCP Offer    - Transaction ID 0x997942a1
7    1.135066  0.0.0.0      255.255.255.255  DHCP      DHCP Request  - Transaction ID 0x997942a1
12   1.269104  192.168.1.1  255.255.255.255  DHCP      DHCP ACK      - Transaction ID 0x997942a1


Figure 1: A usual DHCP transaction


54 SEPTEMBER 2011 WWW.MACTECH.COM

No.  Time      Source         Destination      Protocol  Length  Info
1    0.000000  0.0.0.0        255.255.255.255  DHCP      342     DHCP Discover - Transaction ID 0x7cdcacad
2    0.007067  192.168.1.254  255.255.255.255  DHCP      321     DHCP Offer    - Transaction ID 0x7cdcacad
3    0.008310  0.0.0.0        255.255.255.255  DHCP      353     DHCP Request  - Transaction ID 0x7cdcacad
4    0.015050  192.168.1.254  255.255.255.255  DHCP      321     DHCP ACK      - Transaction ID 0x7cdcacad
5    0.910851  10.0.10.10     255.255.255.255  DHCP      348     DHCP Offer    - Transaction ID 0x7cdcacad
6    0.912131  10.0.10.10     255.255.255.255  DHCP      348     DHCP Offer    - Transaction ID 0x7cdcacad


Figure 2: All DHCP-related packets


[Wireshark packet list: the same six DHCP packets as in Figure 2]

Figure 3: The second DHCPOFFER message




[Wireshark packet list: the same six DHCP packets as in Figure 2]

Figure 4: The first DHCPOFFER message




[Wireshark packet list: the same six DHCP packets as in Figure 2]

Figure 5: The DHCPACK message


parameter that is unique to the iMac, like the IP address, is
reserved by the DHCP server and is not offered to any other
device.

The Problem 

While one of us was working for a company as an
administrator, the following situation came up: some computers
could not connect to the company's network although my own
computer was OK. After investigating the problem, I found out
that after a given time no computer could correctly connect to
the company's network and additionally after a properly
working computer was rebooted, it could not connect to the
company's network!

It is easy to guess that there was a legitimate DHCP server 
running on the network that supplied IP addresses and the rest 
of the configuration information to all computers. 


Problem Analysis using WireShark 

My computer was connected to an Ethernet switch using a
good old 8-port Ethernet Hub. So, I connected a laptop to
another port of the Hub, I started WireShark on my computer
and then I switched on the laptop asking it to get its IP address
using DHCP. After a few minutes, I had all the needed
information to solve the problem.

Figure 2 shows all the DHCP packets that were interacting
with the laptop. There were two DHCPOFFER messages from
two different IP addresses (192.168.1.254 and 10.0.10.10) but
there was supposed to be only one DHCP server (10.0.10.10) on
the network. This was the first truly useful hint for solving the
actual problem (see Figure 2).

Figure 3 (above) shows the DHCPOFFER message from the
"right" DHCP server. This was the expected DHCPOFFER
message. The IP address of the DHCP server is 10.0.10.10. The
10.0.10.10 DHCP server offered the 10.0.10.100 IP address to
the laptop.

As the DHCP server did not get any answer from the client,
it resent the DHCPOFFER message (packet number 6) but as
you can see it was already too late (packet number 4).

Figure 4 shows the DHCPOFFER message from the
"unexpected" DHCP server. The IP address of the DHCP server
is 192.168.1.254. The 192.168.1.254 DHCP server offered the
192.168.1.60 IP address to the laptop. As you can guess, all
computers that could not properly connect to the network were
having IPs in the 192.168.1.1-253 range (see Figure 4).

In Figure 5 we confirmed what we saw in Figure 4: the
laptop finally preferred the wrong DHCP server to get its
information. The reason for choosing the 192.168.1.254 DHCP
server is that it responded first. Pretty simple reason, yet it
caused many problems (see Figure 5).
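
The check made by eye in the packet list above can also be done in code. The following is an added example, not part of the original article: it parses BOOTP/DHCP payloads and reports every OFFER or ACK whose server identifier (option 54) is not on an allowlist. The sample messages are constructed from the addresses and transaction ID shown in the figures, and all function names are this example's own.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"        # marks the start of the DHCP options
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
DHCPOFFER, DHCPACK = 2, 5
KIND = {DHCPOFFER: "OFFER", DHCPACK: "ACK"}


def parse_dhcp(payload):
    """Parse the UDP payload of a BOOTP/DHCP packet (UDP ports 67/68)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, _hlen, _hops, xid = struct.unpack("!BBBBI", payload[:8])
    yiaddr = ipaddress.IPv4Address(payload[16:20])   # address offered to the client
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    return {"op": op, "xid": xid, "yiaddr": yiaddr, "options": options}


def find_rogue_servers(payloads, authorized):
    """Return (xid, kind, server, offered_ip) for replies from unlisted servers."""
    findings = []
    for raw in payloads:
        try:
            msg = parse_dhcp(raw)
        except ValueError:
            continue                                  # skip malformed or non-DHCP data
        mtype = msg["options"].get(OPT_MSG_TYPE, b"")
        server = msg["options"].get(OPT_SERVER_ID, b"")
        if msg["op"] != 2 or len(mtype) != 1 or len(server) != 4:
            continue                                  # only well-formed server replies
        if mtype[0] not in KIND:
            continue
        server_ip = ipaddress.IPv4Address(server)
        if server_ip not in authorized:
            findings.append((hex(msg["xid"]), KIND[mtype[0]],
                             str(server_ip), str(msg["yiaddr"])))
    return findings


def build_reply(xid, mtype, server, yiaddr, mac=bytes.fromhex("001122334455")):
    """Build a minimal server reply for the demo (constructed, not captured data)."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0x8000)   # BOOTREPLY, broadcast
    hdr += bytes(4)                                   # ciaddr
    hdr += ipaddress.IPv4Address(yiaddr).packed       # yiaddr
    hdr += bytes(8)                                   # siaddr, giaddr
    hdr += mac.ljust(16, b"\x00") + bytes(64 + 128)   # chaddr, sname, file
    opts = bytes([OPT_MSG_TYPE, 1, mtype])
    opts += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server).packed
    return hdr + MAGIC_COOKIE + opts + bytes([OPT_END])


# Constructed sample mirroring packets 2, 4, 5 and 6 of Figure 2.
XID = 0x7CDCACAD
SAMPLE = [
    build_reply(XID, DHCPOFFER, "192.168.1.254", "192.168.1.60"),
    build_reply(XID, DHCPACK, "192.168.1.254", "192.168.1.60"),
    build_reply(XID, DHCPOFFER, "10.0.10.10", "10.0.10.100"),
    build_reply(XID, DHCPOFFER, "10.0.10.10", "10.0.10.100"),
]
AUTHORIZED = {ipaddress.IPv4Address("10.0.10.10")}   # the one legitimate server

if __name__ == "__main__":
    for xid, kind, server, offered in find_rogue_servers(SAMPLE, AUTHORIZED):
        print("unauthorized DHCP %s from %s offering %s (xid %s)"
              % (kind, server, offered, xid))
```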

The Solution 

After finding out that there was a second DHCP server that
triggered the problem, I was able to find out on which Ethernet
switch port was the physical computer that caused the problem
by running some simple Cisco IOS commands (Cisco IOS is a
very powerful operating system) that directed me from our core
routers to the specific Ethernet switch and then to the exact
switch port the second DHCP server was connected on.

This particular computer was running a virtual machine
(VM). The OS on the VM had its DHCP server running and that
was the cause of the problem! Pretty tricky, don't you think?

Summary 

The whole DHCP problem came up one day and was solved
the same day in less than one hour with the help of WireShark.
The problem was complicated but WireShark made everything
easier.

Payload-free Packages, Part 2

Using "payload-free" packages to install
software—from an extension to a full OS.


by Greg Neagle, MacEnterprise.org





Previously in MacEnterprise 

In last month's MacEnterprise column, we began a look at so-called
"payload-free" packages. In traditional Apple Installer
packages, the package contains a "payload" of files and directories
in a compressed archive. These files and directories are extracted
from the archive and copied to the target volume. Additionally, a
package may contain scripts that are run before and/or after the
payload is installed; these scripts often perform additional
installation tasks or configuration steps.

In a "payload-free" package, the file archive is virtually
empty—it may contain a single file or directory which is usually
installed somewhere disposable, like /tmp. But the real work of
the package is done in the package scripts. Payload-free packages
can be used to run system configuration scripts. By wrapping the
script into a payload-free package, you can include the script in
package-based workflows, like building an OS installation image
with InstaDMG or Apple's System Image Utility, or with
DeployStudio, or with software distribution systems like Casper,
Absolute Manage, or Munki.

Along those lines, last month we created a script that turned
off Bluetooth, and then modified it and inserted it into a payload-free
package. We could then drop that package into an InstaDMG
or System Image Utility workflow and create an OS install image
that ensured Bluetooth was turned off. Or we could use our
favorite software distribution mechanism to install that package on
existing machines, making certain Bluetooth was turned off on
those as well.

Payload-free packages ...with payloads?

There is another class of problem for which payload-free
packages can be a possible solution: installing software that isn't
distributed in the Apple package format. There are many software
items that are distributed in formats that are incompatible with
Apple's Installer. A common solution for enterprise deployment of
this type of software is to "repackage" the software. This usually
involves figuring out exactly what gets installed and then creating
a new package where the payload archive contains the files and
directories that are installed.

While this is often a successful technique, it can sometimes
be difficult to accurately determine the complete list of files and
directories to package up. More importantly, it's a time-consuming
and tedious task. Worse, it must be done over and over again - for
new versions, and for other items distributed in the same format.

If the software has a way to be silently installed via the
command line, an alternative approach is to use a payload-free
package to install the item. With a bit of care, the work you might
do to create a payload-free package for this sort of software can
be rapidly reused for new versions of the software or other similar
items.

Installing Adobe CS5 Extensions

Let's consider a real-world example!

Several Adobe CS5 applications support the installation of
"extensions" which add additional features and capabilities to
those applications. Unfortunately, these CS5 extensions are
distributed in a proprietary format and require the use of the
Adobe Extension Manager CS5 application to install and remove
them. But fortunately, Adobe has also documented a way to install
and remove Adobe CS5 extensions via the command line. You
can find that documentation here: http://macte.ch/aemcli
(http://help.adobe.com/en_US/extensionmanager/cs/ using/WSB484
SEDfXl 4E5476O&749TF328B30D14F.html)

We write a script that uses the command line method of
installing and removing CS5 extensions, and we can wrap that
script into a payload-free package. Of course, it's not really a
payload-free package any longer since we are going to provide a
different kind of payload. Still, the standard Apple payload at
Contents/Archive.pax.gz will be empty.

If this sounds a bit familiar, it should. A variation of this
approach is exactly how the Adobe Application Manager,
Enterprise Edition (AAMEE) creates Apple installation packages
from Adobe installation media. AAMEE-generated packages are
payload-free packages that run the Adobe installer tools as
package scripts.

For our example, we'll use a Photoshop CS5 extension
known as "John's Artists Brushes". You can read about them on
John Derry's website here: http://www.johnsartistsbrushes.com/.
Feel free to substitute any CS5 extension, however, if you are
following along.

Like many other Photoshop CS5 extensions, John's Artists
Brushes are distributed in a ".zxp" archive file. For individual
users, the user can just double-click on the
"John_Derry_Installer.zxp" file. Adobe Extension Manager CS5
will launch and walk the user through installing the extension. See
Figure 1 for an example.


Figure 1 - Adobe Extension Manager CS5


What works well for the individual user is a pain for the
system administrator. Any self-respecting system administrator
does not want to have to walk around double-clicking icons and
clicking buttons and agreeing to licenses. The command line to
the rescue! Adobe CS5 extensions can be installed by calling
Adobe Extension Manager CS5 from the command line with
various options. We can install John's Artists Brushes like so:

sudo /Applications/Adobe\ Extension\ Manager\ CS5/Adobe\ Extension\ Manager\ CS5.app/Contents/MacOS/Adobe\ Extension\ Manager\ CS5 -suppress -install zxp="John_Derry_Installer.zxp"

(This is all one very long line.) We call the Adobe Extension
Manager CS5 executable, tell it to suppress the license dialog box
and any success confirmation, and tell it to install the "zxp"
archive named "John_Derry_Installer.zxp".

Once we've verified that we can install this extension via the
command-line, we can create a payload-free package that does it
as well. Like last month, we can start with the payload-free
package template available here: http://goo.gl/5bRoR
(http://dl.dropbox.com/u/8119814/payload-free.pkg.zip)

You can download a working postflight script to add to the
package template, in Contents/Resources, from the MacTech
source code archive at ftp://ftp.mactech.com.

This Python script is probably a bit more complex than you
expected. It turns out that there is a complication: Adobe
Extension Manager CS5 is an application that presents a user
interface—even if we call it via command-line it wants access to
the window manager. This is a problem if we try to do this when
the machine is at the loginwindow. If we don't take special action
when calling Adobe Extension Manager when in this state, the
postflight script will fail and you'll see errors similar to these in
/var/log/installer.log:

installer[573]: ./postflight: Adobe Extension Manager CS5[578] <Warning>: 3891612: (connectAndCheck) Untrusted apps are not allowed to connect to or launch Window Server before login.
installer[573]: ./postflight: Adobe Extension Manager CS5[578] <Error>: kCGErrorFailure: Set a breakpoint @ CGErrorBreakpoint() to catch errors as they are logged.
installer[573]: ./postflight: _RegisterApplication(), FAILED TO establish the default connection to the WindowServer, _CGSDefaultConnection() is NULL.


To avoid this issue, we need to indirectly call Adobe
Extension Manager using "launchctl bsexec" so that Adobe
Extension Manager runs in the same context as the loginwindow.
All of this logic is encapsulated in the runCommand(cmd)
function, which calls getconsoleuser() to determine if we
are at the loginwindow, and getPID(processname) to get the
process id of the loginwindow. By using "launchctl bsexec"
to call it indirectly, Adobe Extension Manager will successfully
install extensions when no-one is logged in, or the machine is
switched to the loginwindow in a Fast User Switching
environment.

Let's walk through the main part of the script, the beginning
of which is marked #### main ####. First, we get the
arguments passed to us by the installer. The path to the package
itself is passed in sys.argv[1] ($1 if this was a shell script),
and the path to the target volume is in sys.argv[3] ($3 if this
was a shell script).

If the target volume is not the startup volume, we print an
error message and exit. I haven't tested to see if Adobe Extension
Manager installs extensions correctly when it is on a volume other
than the startup disk, so this script doesn't even try in this
situation.

Next, we look for the Adobe Extension Manager CS5 binary,
and again print an error message and exit if we can't find it.

Now, finally, we arrive at the meat of the script. Instead of
hard-coding the name of the CS5 extension to install, the
script looks through all the files in the package's
Contents/Resources directory, looking for filenames ending
with ".zxp" and ".mxp". For any files that match, it then calls the
Adobe Extension Manager CS5 binary to install them.
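
The steps walked through above can be sketched as follows. This is an added example, not the postflight script from the MacTech archive: it only builds the commands a postflight would run, as argument lists rather than shell strings, so the spaces in the Adobe paths need no escaping and a file name cannot alter the command that runs as root. The function names, the "mxp=" key and the test for being at the loginwindow are assumptions of this sketch.

```python
import os
import sys

# Path taken from the command line shown in the article.
AEM_BINARY = ("/Applications/Adobe Extension Manager CS5/"
              "Adobe Extension Manager CS5.app/Contents/MacOS/"
              "Adobe Extension Manager CS5")

# Archive types the article says the script looks for. The article only shows
# the zxp="..." form; using mxp= for .mxp files is an assumption.
INSTALL_KEYS = {".zxp": "zxp", ".mxp": "mxp"}


def find_extensions(resources_dir):
    """Return the .zxp/.mxp files in Contents/Resources, sorted by name."""
    found = []
    for name in sorted(os.listdir(resources_dir)):
        path = os.path.join(resources_dir, name)
        suffix = os.path.splitext(name)[1].lower()
        if suffix in INSTALL_KEYS and os.path.isfile(path):
            found.append(path)
    return found


def install_command(extension, console_user, loginwindow_pid, aem_binary=AEM_BINARY):
    """Build the argv list that installs one extension."""
    key = INSTALL_KEYS[os.path.splitext(extension)[1].lower()]
    cmd = [aem_binary, "-suppress", "-install", "%s=%s" % (key, extension)]
    # Assumption: no console user, or "loginwindow" under Fast User Switching,
    # means the machine is showing the loginwindow.
    if console_user in (None, "loginwindow"):
        if not loginwindow_pid:
            raise RuntimeError("at loginwindow but its process id is unknown")
        # Run in the loginwindow's bootstrap context so the GUI application
        # is allowed to connect to the WindowServer.
        cmd = ["/bin/launchctl", "bsexec", str(loginwindow_pid)] + cmd
    return cmd


def plan_postflight(argv, console_user, loginwindow_pid=None, aem_binary=AEM_BINARY):
    """Return (exit_code, message, commands) for an Installer postflight call.

    argv mirrors what the Installer passes: argv[1] is the package path and
    argv[3] is the target volume.
    """
    if len(argv) < 4:
        return 1, "expected the Installer's arguments", []
    package, target = argv[1], argv[3]
    if target != "/":
        return 1, "target volume must be the startup volume", []
    if not os.path.isfile(aem_binary):
        return 1, "Adobe Extension Manager CS5 not found", []
    resources = os.path.join(package, "Contents", "Resources")
    commands = [install_command(ext, console_user, loginwindow_pid, aem_binary)
                for ext in find_extensions(resources)]
    return 0, "%d extension(s) to install" % len(commands), commands


if __name__ == "__main__":
    # Demo values: console_user and loginwindow_pid are constructed here; the
    # article's script obtains them with getconsoleuser() and getPID().
    code, message, commands = plan_postflight(sys.argv, None, loginwindow_pid=42)
    print(message)
    for cmd in commands:
        print(cmd)   # a real postflight would run each with subprocess.call(cmd)
    sys.exit(code)
```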

You can see that you'll need to copy the CS5 extension to
the Contents/Resources directory, since that's where the
script looks for CS5 extensions to install. The useful thing about
this approach is that it is quickly reusable - you can install other
CS5 extensions by making a copy of this package and replacing
the CS5 extension(s) in Contents/Resources with other CS5
extensions.

A working version of the payload-free package will look
something like Figure 2. You also will probably want to edit the
Info.plist and Description.plist files to reflect the
current name and description of the package. See last month's
MacEnterprise column for details.

JohnsArtistsBrushes.pkg
    Contents
        Archive.bom
        Archive.pax.gz
        Info.plist
        PkgInfo
        Resources
            en.lproj
                Description.plist
            John_Derry_Installer.zxp
            package_version
            postflight

Figure 2 - A completed JohnsArtistsBrushes.pkg


You can find a completed version of this package (minus the
actual CS5 extension) here: http://goo.gl/FD[Qv
(http://dl.dropbox.com/u/8119814/CS5_extension_template.pkg.zip).

Installing Lion 

Installing a CS5 extension is a pretty small task. Adobe
Application Manager, Enterprise Edition (AAMEE) generates
payload-free packages that can install the entire Adobe CS5
Master Collection, complete with all current updates. But we can
think even bigger. It is possible to install (or upgrade to) Mac OS
X Lion via a payload-free package!

Prior to the release of Mac OS X Lion, installing a major OS
upgrade always involved booting from an alternate disk. This
might be a DVD, an external disk, or a network-based NetBoot
disk. Since prior major OS releases came on physical DVDs, this
worked well enough. But with Lion, Apple's preferred distribution
method is the Mac App Store. Mac owners can buy Lion, which
is downloaded as an "Install Mac OS X Lion" application to their
/Applications folder. The Mac owner then can upgrade to
Lion by running the application. The "Install Mac OS X Lion"
application can even install Lion on the current startup disk, a
new trick for Mac OS X installers.

In an enterprise environment, upgrading existing machines
using the "Install Mac OS X Lion" application is not an ideal
approach. You'd either have to have a technician visit each
machine and manually download and run the application, or
figure out some way to have each user do this set of tasks.

Fortunately, you can still use the same techniques for
deploying Lion that you could use with previous releases of Mac
OS X. It is possible to install Lion using Apple's NetInstall or
NetRestore, or using a third-party tool such as DeployStudio. All
of these methods can use the InstallESD.dmg disk image that
is inside the "Install Mac OS X Lion" application bundle as a
replacement for a physical OS X install DVD that you might have


used for previous releases. Some of these methods can be 
automated to some degree as well. 

But Lion also opens up a new deployment option. Since 
the "Install Mac OS X Lion" application can install Lion on 
the current startup disk, it seems like it should be possible 
to use a script or payload-free package to perform the same 
prep work that the "Install Mac OS X Lion" application does 
in order to perform the install. 

It turns out that it is indeed possible. The "InstallLion.pkg" 
tools, available at http://code.google.com/p/munki/downloads/list, 
can help you create a package that you can use to install Lion. 

You can use this package with any deployment tool that 
utilizes Apple packages: Munki, Casper or Absolute Manage, as 
examples. You can even use this package with Apple Remote 
Desktop and DeployStudio. 

What you need 

To create and use a payload-free package to install Lion, you 
need three things: 

• The "InstallLion.pkg" tools. They are available as a zip archive 
at the above URL, or in a Git repository you can clone using: 
git clone https://code.google.com/p/munki.installlionpkg/ 

• A copy of the "Install Mac OS X Lion" application, 
downloaded from the Mac App Store, or a copy of the 
InstallESD.dmg for a specific hardware model obtained with 
the methods described here: 
http://www.afp548.com/article.php?story=getting-lion-installers 

• A license for Mac OS X Lion for each machine to which you 
will deploy Lion. 

What you do 

Once you've downloaded and expanded the zip archive, or 
cloned the Git repo, you'll have a set of files something like Figure 
3. 


[Figure: Finder window showing the four items in the 
munki.installlionpkg folder: customizeInstallESD, 
getIncompatibleAppList.pkg, InstallLion.pkg, README.txt] 

Figure 3 - InstallLion package tools 

Take some time to review the README.txt file; it will have 
up-to-date information, which may have changed a bit since this 
article was submitted for publication. 

For a basic install of Lion, you only need to copy the 
InstallESD.dmg file into the Contents/Resources directory 
of InstallLion.pkg. The InstallESD.dmg can be found 
inside the "Install Mac OS X Lion" application inside the 
Contents/SharedSupport subfolder. 

(If you are working in the Finder, you can show the contents 
of both the "Install Mac OS X Lion" application and the 
InstallLion package by control-clicking on each and 
choosing Show Package Contents from the pop-up menu. You 
can then option-drag the InstallESD.dmg into the 
InstallLion package. See Figure 4.) 


Figure 4 - Copying InstallESD.dmg to InstallLion.pkg 

That's all you need to do for a basic non-customized 
installation - InstallLion.pkg can now be used to do an 
unattended install of Mac OS X Lion. Use your favorite software 
distribution method to install this package on machines you wish 
to upgrade to Lion. 

How it works 

InstallLion.pkg is a "payload-free" package with a 
dummy payload. The real work is done in a package postflight 
script located at 
InstallLion.pkg/Contents/Resources/postflight. 
It's written in Python, so you can examine it in detail if you wish. 

The postflight script performs an approximation of the 
actions that the GUI "Install Mac OS X Lion" application performs 
when you choose to install Lion on the current startup disk. 

Those actions are: 

• Create a "Mac OS X Install Data" directory at the root of the 
target volume. 

• Mount the InstallESD.dmg disk image. 

• Copy the kernelcache and boot.efi files from the disk 
image to the "Mac OS X Install Data" directory. 

• Unmount (eject) the InstallESD.dmg disk image. 

• If the InstallLion.pkg is on the same volume as the 
target volume, create a hard link to the InstallESD.dmg disk 
image in "Mac OS X Install Data", otherwise copy the 
InstallESD.dmg disk image to that directory. 

• Create a com.apple.Boot.plist file in the "Mac OS X 
Install Data" directory. This tells the kernel how to mount the disk 
image to use for booting. 

• Create a minstallconfig.xml file, which tells the OS X 
Installer what to install and to which volume to install it. It also 
provides a path to a MacOSXInstaller.choiceChanges file 
if one has been included in the package. 

• Create an index.sproduct file and an 
OSInstallAttr.plist in the "Mac OS X Install Data" 
directory. These are also used by the OS X Installer. 

• Set a variable in nvram that the OS X Installer uses to find 
the product install information after reboot. 

• Use the bless command to cause the Mac to boot from the 
kernel files copied to the "Mac OS X Install Data" directory. 

The next step would be to reboot, but the postflight script 
does not do this; it just exits. The package is marked as requiring 
a reboot, so whatever mechanism is used to install the package is 
responsible for rebooting as soon as possible after the install. 

Upon reboot, the machine boots and runs the Lion Installer 
just as if you had run the "Install Mac OS X Lion" application 
manually. It creates a "Recovery HD" partition if needed and 
possible, and then installs Lion on the target volume, displaying 
the OS X Installer GUI. When installation is complete, the 
machine reboots a second time, this time booting from the new 
Lion installation. 
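
The directory-creation and link-or-copy actions from the list above, as an added Python example (not the project's postflight script). The function names and the checksum comparison after a copy are assumptions of this example.

```python
import hashlib
import os
import shutil

INSTALL_DATA_DIR = "Mac OS X Install Data"  # directory name given in the article
DMG_NAME = "InstallESD.dmg"


def sha256_of(path, chunk_size=1 << 20):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def stage_install_esd(pkg_path, target_root):
    """Stage InstallESD.dmg from a package bundle onto the target volume.

    Returns (staged_path, method) where method is "hardlink" or "copy".
    """
    source = os.path.join(pkg_path, "Contents", "Resources", DMG_NAME)
    if not os.path.isfile(source):
        raise FileNotFoundError("no %s in %s" % (DMG_NAME, pkg_path))

    data_dir = os.path.join(target_root, INSTALL_DATA_DIR)
    os.makedirs(data_dir, exist_ok=True)
    staged = os.path.join(data_dir, DMG_NAME)
    if os.path.lexists(staged):
        os.remove(staged)  # drop a stale image left by an earlier attempt

    # Same device number means same volume, so a hard link is possible
    # and avoids duplicating a multi-gigabyte image.
    if os.stat(source).st_dev == os.stat(data_dir).st_dev:
        try:
            os.link(source, staged)
            return staged, "hardlink"
        except OSError:
            pass  # filesystem refused the link; fall through to a copy

    shutil.copy2(source, staged)
    # Assumption of this example: verify the copy before anything boots from it.
    if sha256_of(source) != sha256_of(staged):
        os.remove(staged)
        raise IOError("staged %s does not match the source image" % DMG_NAME)
    return staged, "copy"


if __name__ == "__main__":
    import tempfile
    # Constructed sample: a fake package and target root in a scratch directory.
    with tempfile.TemporaryDirectory() as scratch:
        pkg = os.path.join(scratch, "InstallLion.pkg")
        os.makedirs(os.path.join(pkg, "Contents", "Resources"))
        with open(os.path.join(pkg, "Contents", "Resources", DMG_NAME), "wb") as f:
            f.write(b"constructed placeholder, not a real disk image")
        print(stage_install_esd(pkg, os.path.join(scratch, "target")))
```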

Customizing the install 

You can customize the Lion install by providing a 
MacOSXInstaller.choiceChanges file, and you can install 
additional packages after the installation by adding them to the 
InstallESD.dmg file using the customizeInstallESD 
tool. See the README.txt for details on these customizations. 

Conclusion 

We've seen that payload-free packages are a very useful 
thing for a Mac OS X administrator to have in his or her tool belt. 
They can be used to run system configuration scripts, to add or 
remove printer queues and to remove previously installed 
software. 

Since payload-free packages are essentially a way to run a 
script, they can also be used to install software - and are useful 
for installing software that is not distributed in Apple package 
format. If you can install the software via a script or a tool that 
can be called via the command-line, instead of repackaging the 
software, you may be able to create a payload-free package that 
installs the software using the vendor-supported tools. 
Adobe Flash Builder and Flex 

by Dennis Sellers 

Adobe's (http://www.adobe.com) Flash Builder 4.5 and Flex 
4.5.1 software enables developers to build applications for 
iPhone, iPad and BlackBerry PlayBook devices. Support for 
Android was released in April 2011. 

"Developers have a single platform for building highly 
expressive mobile applications and can be distributed via the 
Apple App Store, Android Marketplace, and BlackBerry App 
World. Offered standalone or as part of Creative Suite 5.5 Web 
Premium and Master Collection, Flash Builder 4.5 enables the 
creation of applications that work seamlessly across leading 
mobile device platforms," says Ed Rowe, vice president of 
developer tooling, Adobe. 

Adobe has also recently announced the Adobe Digital 
Enterprise Platform. With consumers increasingly engaging with 
more content on smartphones and tablets, large enterprises are 
required to add mobile applications as a core part 
of their marketing strategy. Simultaneously, IT 
organizations are looking to build business 
process, CRM and other employee productivity 
applications to support the broad range of devices 
and platforms in use today. Using Flash Builder 
and Flex, enterprises can now use one tool, one 
framework and one codebase to "create high 
performance applications that run on desktops as 
well as on smartphones and tablets," says Rowe. 

Flex 4.5.1 also includes productivity 
enhancements that allow developers to build 
applications for the desktop, Web and top mobile 
platforms. Using best practice code templates, 
code completion and code generation features in 
Flash Builder 4.5, developers can accelerate the creation of Flex 
and ActionScript applications and deploy them using Adobe 
AIR software, Adobe's runtime for standalone applications. 

Adobe is showing off a number of mobile applications 
built using Flash Builder 4.5 and Flex 4.5.1: 

• Conqu (http://adobe.ly/m46BTr) is a task management tool 
designed to help conquer an email inbox and get things 
done. 

• Mr. Mixit (http://adobe.ly/meeMSk) is a spin-based matching 
game where users must mix record labels against the clock. 

• Muni Tracker (http://adobe.ly/ihOnllp) tracks San Francisco 
Muni locations and arrival time predictions on a map 
updating live every 10 seconds. Favorite transit stops and 
lines can also be bookmarked for easy access later. 

• PolitiFact Mobile App (http://adobe.ly/ky4GqF) helps you 
"find the truth in politics," with features including the Truth 
Index, Truth-O-Meter and Flip-O-Meter. 

• Pyramix (http://adobe.ly/meeMSk) is a word game that 
combines the strategy of Cryptoquote with the simplicity of 
Boggle. 

For iOS, developers are not writing an Objective-C app, but 
according to Adobe, the byte code generated looks very similar 
to those apps. Because the tools are cross platform, however, 
new features introduced in iOS will lag behind 
native Objective-C applications. Developers who are 
targeting the richest iOS or other platform 
experience, or who need specific environment 
features, should probably use native tools. That 
said, for those that need cross platform most, 
these tools give you that core benefit. 

To purchase or download a trial version of 
Flash Builder 4.5, go to 
http://www.adobe.com/products/flash-builder.html. 
The street price is US$249 for Flash Builder 4.5 
Standard, $699 for Flash Builder 4.5 Premium. 
Flash Builder 4.5 Premium is also available as 
part of the Adobe Creative Suite 5.5 Web 
Premium and Master Collection. Upgrade pricing 
for Flash Builder 4.5 is $49 and volume licensing is available. 
Flex 4.5.1 is available as a free open source framework. Also, 
Flash Builder for PHP now supports mobile application, 
THE MACTECH SPOTLIGHT 

HISHAM KHALIFA 

Binary Bakery - http://www.binarybakery.com 


What do you do? 

By day I work as a consultant for a European investment bank 
dealing with mergers and acquisitions and fundraising, so you can 
imagine it's as far removed from coding as can be. By night, I burn 
the midnight oil working on what I'm really passionate about: 
programming in C and Objective-C (with a bit of assembly 
sometimes thrown in). As is typical of one-man indie outfits, I'm the 
chief baker, the chief support officer, the 
chief everything with an awesome wife 
who supports me fully as I toil away 
developing apps in unsocial hours. 


How long have you been doing what 
you do? 

I've always been interested in 
programming since I was a kid. I think I 
was around six when I typed in my first 
program in BASIC. My dad also enrolled 
me in computer courses during that time. 

As for Binary Bakery, it all started a 
couple of years back when I was 
between jobs and I had about three 
months of time to kill. I also had just 
finished reading Aaron Hillegass' 
excellent Cocoa Programming for Mac OS 
X and was itching to write an app. The 
right idea came along as I was working in 
Photoshop on my dual-display setup and 
was frustrated with Mac OS X's somewhat 
lacking multi monitor support; this 
prompted me to develop MenuEverywhere. 

I never intended to commercialize the app, but after having 
worked on it for some time, I thought it wouldn't hurt to put it up 
as shareware; a sort of litmus test to see if others would actually 
pay for something I wrote. Within ten minutes of it being listed in 
one of the Mac app directories I sold my first license to some guy 
in Germany. 

What was your first computer? 

A VTech Apple II clone; it was the first machine that I played 
around with. Soon after we got a Commodore 64 and that's the 
machine on which I took my first real steps to learn programming. 

What's the coolest tech thing you've done using OS X? 

MenuEverywhere - an app that recreates the menu bar on any 
screen and on any window. When writing a user interface 
enhancement app that's supposed to behave well with virtually 
all other Mac OS X apps ever written, there are lots of variables 
that could go wrong. I'm quite pleased with the way 
MenuEverywhere has developed and matured to the point of 
working well with almost all apps out there. 

Ever? 

Ever? I'd say writing my own Accessibility API framework 
that's useful for coding all the app ideas I have for everything 
from window management to menu management. 

What is the advice you'd give to someone trying to get into 
this line of work today? 

Perseverance, discipline and passion are musts for indie devs. 
Developing on your own there is the risk of ending up doing 
something that may or may not end up paying you back (be it user 
satisfaction or sales) for the time commitment. Learn from your 
mistakes, tap into the wonderful Mac OS X 
dev community and keep at it. 

Anything that you consider 
indispensable for your work? 

My library of development books, 
everything from Kernighan & Ritchie's C 
book to Hillegass - without such books I'd 
have no direction to learn what I've learnt, 
especially since I have no formal computer 
science training. 

Where can we see a sample of your 
work? 

Trial versions of my apps are available 
at www.binarybakery.com 

The next way I'm going to impact the 
Mac universe is: 

There are a few neat user interface 
paradigms out there that have either been 
left out or deprecated from OS X. I'm 
working on the next major version of 
MenuEverywhere which will have some pretty interesting 
approaches to "menuing" and selecting commands. 

Anything else we should know? 

There aren't really any barriers or obstacles to entry in terms 
of indie development. It's all about commitment and taking the 
time to learn as much as you can. Look at me; I live all the way in 
the tiny island state of Bahrain where you either end up working 
in the financial sector or tourism sector. There is no tech sector. 
That hasn't stopped me from learning programming and 
writing apps that make thousands of Mac users that little bit more 
pleased when using their machines. 

If you or someone you know belongs in the MacTech Spotlight, let us 
know! Send details to editorial@mactech.com 